Yesterday I had something called Gzatib (I think) trying to make some kind of registry change over and over. I put headphones in so that I wouldnt here a non-stop ping from Tea Timer. I did everything from the READ BEFORE YOU POST.

So today I am trying to install Star Craft 2 and the cd isn't working and I can't download from Blizzard. Here's that DDS (I really hope it's the right one there are two):


DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2009 3:31:42 PM
System Uptime: 7/27/2010 5:07:42 PM (0 hours ago)

Motherboard: FOXCONN | | A7GM-S 2.0
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | Socket 940 | 2100/200mhz
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | Socket 940 | 2100/200mhz
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | Socket 940 | 2100/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 16.951 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_0E17105B&REV_00\3&267A616A&0&92
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_0E17105B&REV_00\3&267A616A&0&92
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&9A
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&9A
Service:

==== System Restore Points ===================

RP444: 7/22/2010 4:23:55 AM - System Checkpoint
RP445: 7/23/2010 4:52:19 AM - System Checkpoint
RP446: 7/24/2010 5:39:56 AM - System Checkpoint
RP447: 7/25/2010 6:24:36 AM - System Checkpoint
RP448: 7/26/2010 6:58:37 AM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI HYDRAVISION
ATI Parental Control & Encoder
Bonjour
BrowserZinc 1.0 build 151
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
City of Villains/City of Heroes (remove only)
Diablo II
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800
ERUNT 1.1j
Gimp 2.6.2 Debug
Google Chrome
Google Update Helper
HandyGamez Toolbar
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
InstallIQ Updater
iTunes
Java Auto Updater
Java(TM) 6 Update 20
League of Legends
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
MobileMe Control Panel
Mozilla Firefox (3.5.9)
Mozilla Thunderbird (3.0.4)
OpenOffice.org 3.1
Opera 10.60
Pando Media Booster
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Windows Internet Explorer 8 (KB969897)
Skins
Sony Ericsson Media Manager 1.2
Spybot - Search & Destroy
StarCraft
System Requirements Lab
The Lord of the Rings FREE Trial
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wakfu
Warcraft III
Warhammer Online - Age of Reckoning
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 2
World of Warcraft
Xfire (remove only)
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== Event Viewer Messages From Past Week ========

7/24/2010 11:26:31 AM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
7/24/2010 11:26:23 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/24/2010 11:24:03 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
7/24/2010 11:22:35 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/24/2010 11:22:27 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 11:22:27 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/24/2010 11:22:27 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2010 11:20:24 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 11:20:00 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 11:19:57 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2010 11:19:43 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/24/2010 11:18:47 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 1:46:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/24/2010 1:46:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2010 1:45:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2010 1:45:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/23/2010 10:51:29 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/23/2010 10:51:17 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2010 10:39:53 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/23/2010 10:39:53 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/23/2010 10:39:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BrowserZinc Service service to connect.

==== End Of File ===========================

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Need to see the first DDS log that opens

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

This response is really confusing. I said I did read before I posted and I obviously don't need to download DDS since I posted a DDS log. Is that the wrong log? I dont know why there were two. Wouldn't it be easier to say "wrong log"?

Good Morning,

Thats just a standard greeting, wanted to make sure you read it all. I also posted the instructions to redownload it as the instructions say to delete it when done, and yes you did post the wrong log.

Let me explain this also, we are all volunteers on this forum and all the other malware forums, we do this in our own spare time because we really dispise the the scum who write this stuff and like helping people like yourself. Most of us are active on other forums also helping as many as sometimes 20 or so people at the same time. My self, been at this for over 7 years and helped 1000s of people so I really do not have the time to mince words.This i might add is a free service.

The choice is yours, you can follow my instructions to post the proper DDS log or you can take your computer into a shop for repair, I understand that the Geek Squad at Best Buy charges around $145 just to look.

If no reply in 3 days this topic will be closed

Sorry it took so long to respond the virus figured out a way to block me from posting on the forums or sending email. It took me forever to find a way to get the DDS log to a 2nd PC!

Also sorry about posting the wrong log. When I looked at them both again I did a facepalm. Onto the right one:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Morez at 12:38:17.42 on Sun 08/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2801
[GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k wudfservicegroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\windows\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Update Today Driver\1.4.0.2080\InternetToday.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Update Today Driver\1.4.0.2080\InternetToday.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\svchost.exe -k httpfilter
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Morez\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer:
{3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all
users\application
data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -
c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper:
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class:
{e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Kyinupic] rundll32.exe "c:\windows\dersd3.dll",Startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Update Today Driver Task] "c:\program files\update today
driver\1.4.0.2080\InternetToday.exe"
mRun: [TkBellExe] "c:\program files\common
files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java
update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati
technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATICustomerCare] "c:\program
files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile
device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader
9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Tgazib] rundll32.exe "c:\windows\ujoxodok.dll",Startup
StartupFolder: c:\docume~1\morez\startm~1\programs\startup\erunta~1.lnk
- c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\morez\startm~1\programs\startup\openof~1.lnk
- c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\morez\startm~1\programs\startup\xfire.lnk -
c:\program files\xfire\Xfire.exe
IE: &Funband Serach - c:\program files\handygamez
toolbar\2.4.0.10440\mvb0.dll/MENUSEARCH.HTM
IE: Google Sidewiki... - c:\program files\google\google
toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
{53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} -
hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239406062373
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

S2 BrowserZinc Service;BrowserZinc Service;c:\documents and settings\all
users\application data\browserzinc\browserzinc151.exe [2010-6-29 65808]
S2 gupdate;Google Update Service (gupdate);c:\program
files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-23
1684736]

=============== Created Last 30 ================

2010-07-29 01:07:43 0 d-----w- c:\program files\StarCraft II
2010-07-29 01:04:00 0 d-----w- c:\windows\SxsCaPendDel
2010-07-29 01:00:02 0 d-----w- c:\windows\system32\appmgmt
2010-07-28 06:21:28 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-27 23:23:27 0 d-----w- c:\windows\pss
2010-07-25 09:45:45 12185 ----a-w- c:\documents and
settings\morez\.recently-used.xbel
2010-07-24 08:34:37 0 d-sh--w- c:\documents and
settings\morez\IECompatCache
2010-07-24 05:40:13 2804 ----a-w- c:\windows\ovawogepukogibux.dll
2010-07-24 04:20:48 120 ----a-w- c:\windows\Bruvuticab.dat
2010-07-24 04:20:48 0 ----a-w- c:\windows\Etowulohoqusiw.bin
2010-07-09 19:04:40 41872 ----a-w- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2010-07-07 02:27:52 5069312 ----a-w-
c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58:26 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58:18 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57:02 4337664 ----a-w-
c:\windows\system32\aticaldd.dll
2010-07-07 01:53:00 15499264 ----a-w-
c:\windows\system32\atioglxx.dll
2010-07-07 01:50:14 311296 ----a-w-
c:\windows\system32\atiiiexx.dll
2010-07-07 01:48:54 446464 ----a-w-
c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47:56 299520 ----a-w-
c:\windows\system32\ati2dvag.dll
2010-07-07 01:41:18 3869952 ----a-w-
c:\windows\system32\ati3duag.dll
2010-07-07 01:33:00 208896 ----a-w-
c:\windows\system32\atipdlxx.dll
2010-07-07 01:32:48 155648 ----a-w-
c:\windows\system32\Oemdspif.dll
2010-07-07 01:32:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32:24 159744 ----a-w-
c:\windows\system32\ati2evxx.dll
2010-07-07 01:31:10 602112 ----a-w-
c:\windows\system32\ati2evxx.exe
2010-07-07 01:29:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29:06 143360 ----a-w-
c:\windows\system32\atiapfxx.exe
2010-07-07 01:28:10 2273920 ----a-w-
c:\windows\system32\ativvaxx.dll
2010-07-07 01:27:42 887724 ----a-w-
c:\windows\system32\ativva6x.dat
2010-07-07 01:25:48 573440 ----a-w-
c:\windows\system32\atikvmag.dll
2010-07-07 01:24:52 393216 ----a-w-
c:\windows\system32\atiok3x2.dll
2010-07-07 01:24:06 184320 ----a-w-
c:\windows\system32\atiadlxx.dll
2010-07-07 01:23:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19:10 704512 ----a-w-
c:\windows\system32\ati2cqag.dll
2010-07-07 01:15:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15:58 65024 ----a-w-
c:\windows\system32\amdpcom32.dll
2010-07-07 01:15:22 53248 ----a-w-
c:\windows\system32\drivers\ati2erec.dll
2010-07-01 11:30:54 95024 ----a-w-
c:\windows\system32\drivers\SBREDrv.sys
2010-06-04 08:01:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-11 20:42:08 205156 ----a-w-
c:\windows\system32\atiicdxx.dat

============= FINISH: 12:39:26.18 ===============

Good Morning,

You do have some issues going on.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

It took 3 tries to get it started but then it went perfectly.

ComboFix 10-08-02.01 - Morez 08/02/2010 12:37:25.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2959 [GMT -7:00]
Running from: c:\documents and settings\Morez\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\BrowserZinc
c:\documents and settings\All Users\Application Data\BrowserZinc\browserzinc151.exe
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\{D528587C-DDC2-45AA-82A8-11A0035BFF15}
c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\{D528587C-DDC2-45AA-82A8-11A0035BFF15}\chrome.manifest
c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\{D528587C-DDC2-45AA-82A8-11A0035BFF15}\chrome\content\_cfg.js
c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\{D528587C-DDC2-45AA-82A8-11A0035BFF15}\chrome\content\overlay.xul
c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\{D528587C-DDC2-45AA-82A8-11A0035BFF15}\install.rdf
c:\documents and settings\Morez\Local Settings\Temporary Internet Files\mvb06759.tmp
c:\documents and settings\Test\Desktop\nudetube.com.lnk
c:\documents and settings\Test\Desktop\pornotube.com.lnk
c:\documents and settings\Test\Desktop\spam001.exe
c:\documents and settings\Test\Desktop\spam003.exe
c:\documents and settings\Test\Desktop\troj000.exe
c:\documents and settings\Test\Desktop\youporn.com.lnk
c:\program files\Advanced Entry Provider
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPCommon.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPIEAddOn.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\AEPpx.exe
c:\program files\Advanced Entry Provider\4.4.0.2380\Data\config.md
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome.manifest
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\AEPAddOn.jar
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.xul
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.xpt
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFHelperComponent.js
c:\program files\Advanced Entry Provider\4.4.0.2380\FF\install.rdf
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.dat
c:\program files\Advanced Entry Provider\4.4.0.2380\unins000.exe
c:\program files\Live Access Operator
c:\program files\Live Access Operator\4.4.0.5790\Data\config.md
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome.manifest
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.js
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.xul
c:\program files\Live Access Operator\4.4.0.5790\FF\chrome\LAOAddOn.jar
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.dll
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.xpt
c:\program files\Live Access Operator\4.4.0.5790\FF\components\LAOFFHelperComponent.js
c:\program files\Live Access Operator\4.4.0.5790\FF\install.rdf
c:\program files\Live Access Operator\4.4.0.5790\LAOCommon.dll
c:\program files\Live Access Operator\4.4.0.5790\LAOIEAddOn.dll
c:\program files\Live Access Operator\4.4.0.5790\unins000.dat
c:\program files\Live Access Operator\4.4.0.5790\unins000.exe
c:\program files\Real Search Enhancer
c:\program files\Real Search Enhancer\4.4.0.2520\Data\config.md
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome.manifest
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.xul
c:\program files\Real Search Enhancer\4.4.0.2520\FF\chrome\RSEAddOn.jar
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.xpt
c:\program files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFHelperComponent.js
c:\program files\Real Search Enhancer\4.4.0.2520\FF\install.rdf
c:\program files\Real Search Enhancer\4.4.0.2520\RSE.dll
c:\program files\Real Search Enhancer\4.4.0.2520\RSECommon.dll
c:\program files\Real Search Enhancer\4.4.0.2520\RSEpx.exe
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.dat
c:\program files\Real Search Enhancer\4.4.0.2520\unins000.exe
c:\program files\Simplified Textual Finder
c:\program files\Simplified Textual Finder\1.4.0.3500\config.mx
c:\program files\Simplified Textual Finder\1.4.0.3500\data.mx
c:\program files\Simplified Textual Finder\1.4.0.3500\exclude.mx
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\chrome.manifest
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\chrome\content\AddOn.js
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\chrome\content\AddOn.xul
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\components\LRI.dll
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\components\STFFFAddOn.dll
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\components\STFFFAddOn.xpt
c:\program files\Simplified Textual Finder\1.4.0.3500\FF\install.rdf
c:\program files\Simplified Textual Finder\1.4.0.3500\LRI.dll
c:\program files\Simplified Textual Finder\1.4.0.3500\MatchingData.zd5
c:\program files\Simplified Textual Finder\1.4.0.3500\pxtmpdata.mx
c:\program files\Simplified Textual Finder\1.4.0.3500\running.mx
c:\program files\Simplified Textual Finder\1.4.0.3500\STFIE.dll
c:\program files\Simplified Textual Finder\1.4.0.3500\stfpx.exe
c:\program files\Simplified Textual Finder\1.4.0.3500\stfsh.dll
c:\program files\Simplified Textual Finder\1.4.0.3500\unins000.dat
c:\program files\Simplified Textual Finder\1.4.0.3500\unins000.exe
c:\program files\Targeted Content Wizard
c:\program files\Targeted Content Wizard\1.4.0.3500\data\pxtmpdata.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_Config.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_Data.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_DomainExcludeList.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_DomainInterval.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_KeywordInterval.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\data\TP_Rstatus.mx
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\chrome.manifest
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\chrome\content\FFAddOn.js
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\chrome\content\FFAddOn.js.bak
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\chrome\content\FFAddOn.xul
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\chrome\content\FFAddOn.xul.bak
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\components\FFHelperComponent.js
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\components\ITCWFFComponent.xpt
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\components\TCWFFAddOn.dll
c:\program files\Targeted Content Wizard\1.4.0.3500\FF\install.rdf
c:\program files\Targeted Content Wizard\1.4.0.3500\TCWIE.dll
c:\program files\Targeted Content Wizard\1.4.0.3500\tcwpx.exe
c:\program files\Targeted Content Wizard\1.4.0.3500\unins000.dat
c:\program files\Targeted Content Wizard\1.4.0.3500\unins000.exe
c:\windows\dersd3.dll
c:\windows\idilobakamodeta.dll
c:\windows\ovawogepukogibux.dll
c:\windows\PRAGMAegexyrbvsi
c:\windows\PRAGMAegexyrbvsi\pragmabbr.dll
c:\windows\PRAGMAegexyrbvsi\PRAGMAc.dll
c:\windows\PRAGMAegexyrbvsi\PRAGMAcfg.ini
c:\windows\PRAGMAegexyrbvsi\PRAGMAd.sys
c:\windows\PRAGMAegexyrbvsi\pragmaserf.dll
c:\windows\PRAGMAegexyrbvsi\PRAGMAsrcr.dat

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERZINC_SERVICE
-------\Legacy_PRAGMAEGEXYRBVSI
-------\Service_BrowserZinc Service
-------\Service_PRAGMAegexyrbvsi


((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 08:15 . 2010-08-02 08:15 -------- d-----w- c:\documents and settings\Morez\Local Settings\Application Data\{1F834639-5712-4F4C-AD27-5BEFC9E1A1FC}
2010-08-01 05:15 . 2010-08-01 05:15 17280 ----a-w- c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 04:54 . 2010-08-01 04:55 -------- d-----w- c:\documents and settings\Hiding From Viruses\Application Data\Xfire
2010-07-31 03:39 . 2010-07-31 03:39 -------- d-sh--w- c:\documents and settings\Test\PrivacIE
2010-07-31 01:44 . 2010-07-31 01:44 -------- d-----w- c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\PCHealth
2010-07-31 01:41 . 2010-07-31 01:41 -------- d-sh--w- c:\documents and settings\Hiding From Viruses\PrivacIE
2010-07-31 01:19 . 2010-07-31 01:19 -------- d-----w- c:\documents and settings\Hiding From Viruses\Local Settings\Application Data\Opera
2010-07-31 00:49 . 2010-07-31 00:49 503808 ----a-w- c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74700990-n\msvcp71.dll
2010-07-31 00:49 . 2010-07-31 00:49 499712 ----a-w- c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74700990-n\jmc.dll
2010-07-31 00:49 . 2010-07-31 00:49 348160 ----a-w- c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74700990-n\msvcr71.dll
2010-07-31 00:49 . 2010-07-31 00:49 61440 ----a-w- c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6203c816-n\decora-sse.dll
2010-07-31 00:49 . 2010-07-31 00:49 12800 ----a-w- c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6203c816-n\decora-d3d.dll
2010-07-30 18:04 . 2010-07-30 18:04 503808 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1569ac21-n\msvcp71.dll
2010-07-30 18:04 . 2010-07-30 18:04 499712 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1569ac21-n\jmc.dll
2010-07-30 18:04 . 2010-07-30 18:04 348160 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1569ac21-n\msvcr71.dll
2010-07-30 18:04 . 2010-07-30 18:04 61440 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e9a60a0-n\decora-sse.dll
2010-07-30 18:04 . 2010-07-30 18:04 12800 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e9a60a0-n\decora-d3d.dll
2010-07-30 18:01 . 2010-07-30 18:01 -------- d-----w- c:\documents and settings\Test\Local Settings\Application Data\{67759473-D461-487E-A724-1C201BE6F539}
2010-07-30 17:59 . 2010-07-30 17:59 -------- d-----w- c:\documents and settings\Test\Local Settings\Application Data\Update Today Driver
2010-07-29 01:32 . 2010-07-29 01:32 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-29 01:07 . 2010-07-29 01:32 -------- d-----w- c:\program files\StarCraft II
2010-07-29 01:04 . 2010-07-29 19:32 -------- d-----w- c:\windows\SxsCaPendDel
2010-07-29 01:02 . 2010-07-29 01:02 -------- d-----w- c:\documents and settings\Test\Local Settings\Application Data\Apple
2010-07-28 06:22 . 2010-07-28 06:22 -------- d-----w- c:\documents and settings\Test\Local Settings\Application Data\Opera
2010-07-27 23:33 . 2010-07-27 23:33 -------- d-----w- c:\program files\ERUNT
2010-07-24 20:46 . 2010-07-24 20:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-24 11:30 . 2010-07-24 11:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-24 08:34 . 2010-07-24 08:34 -------- d-sh--w- c:\documents and settings\Morez\IECompatCache
2010-07-24 04:20 . 2010-08-02 18:59 120 ----a-w- c:\windows\Bruvuticab.dat
2010-07-24 04:20 . 2010-08-02 08:15 0 ----a-w- c:\windows\Etowulohoqusiw.bin
2010-07-24 04:18 . 2010-07-24 06:12 -------- d-----w- c:\documents and settings\Morez\Local Settings\Application Data\gadednvfn
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 04:07 . 2010-07-08 04:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 00:51 . 2010-07-04 00:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 08:43 . 2009-07-15 01:45 -------- d-----w- c:\documents and settings\Morez\Application Data\Xfire
2010-08-02 07:04 . 2009-12-30 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-01 20:30 . 2010-03-06 19:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-31 00:43 . 2009-07-15 01:45 -------- d-----w- c:\program files\Xfire
2010-07-29 01:27 . 2009-08-20 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-07-29 01:27 . 2009-04-10 23:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-29 01:07 . 2009-10-09 07:41 -------- d-----w- c:\program files\City of Heroes
2010-07-29 01:03 . 2009-07-14 10:08 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 00:59 . 2010-07-01 09:31 -------- d-----w- c:\program files\Lavasoft
2010-07-29 00:58 . 2010-07-01 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-28 06:21 . 2010-07-28 06:21 17280 ----a-w- c:\documents and settings\Test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 23:00 . 2009-04-10 23:24 -------- d-----w- c:\program files\Google
2010-07-25 09:45 . 2010-05-19 18:33 -------- d-----w- c:\documents and settings\Morez\Application Data\gtk-2.0
2010-07-24 22:39 . 2010-01-13 19:19 1 ----a-w- c:\documents and settings\Morez\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-21 19:35 . 2009-06-29 07:59 -------- d-----w- c:\program files\Diablo II
2010-07-21 19:35 . 2009-04-10 23:58 -------- d-----w- c:\program files\World of Warcraft
2010-07-12 23:38 . 2010-01-31 00:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-07 02:27 . 2008-12-01 22:13 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2010-06-10 02:52 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2010-06-10 02:52 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2010-06-10 02:52 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2008-12-01 20:46 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2009-04-10 23:01 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2009-04-10 23:01 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2008-12-01 20:51 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2008-12-01 20:27 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2008-12-01 20:38 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-06-10 02:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2008-12-01 20:11 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2009-04-10 23:01 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2009-04-10 23:01 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2008-12-01 19:53 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2008-12-01 19:50 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2008-12-01 19:52 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2008-12-01 19:45 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2010-06-10 02:52 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-05 02:08 . 2009-06-28 01:39 -------- d-----w- c:\program files\Opera
2010-07-01 11:30 . 2010-07-01 11:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-01 09:29 . 2010-07-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-01 09:28 . 2010-07-01 09:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 02:53 . 2009-11-28 23:03 -------- d-----w- c:\program files\ATI
2010-06-08 19:10 . 2010-03-17 03:56 -------- d-----w- c:\program files\StarCraft
2010-06-01 21:37 . 2010-06-01 21:37 503808 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c360b6-n\msvcp71.dll
2010-06-01 21:37 . 2010-06-01 21:37 499712 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c360b6-n\jmc.dll
2010-06-01 21:37 . 2010-06-01 21:37 348160 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c360b6-n\msvcr71.dll
2010-06-01 21:37 . 2010-06-01 21:37 61440 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30b1bad5-n\decora-sse.dll
2010-06-01 21:37 . 2010-06-01 21:37 12800 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30b1bad5-n\decora-d3d.dll
2010-05-29 08:41 . 2009-04-10 23:07 17280 ----a-w- c:\documents and settings\Morez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-24 00:31 . 2010-05-24 00:31 503808 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5487b720-n\msvcp71.dll
2010-05-24 00:31 . 2010-05-24 00:31 499712 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5487b720-n\jmc.dll
2010-05-24 00:31 . 2010-05-24 00:31 348160 ----a-w- c:\documents and settings\Morez\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5487b720-n\msvcr71.dll
2010-05-11 20:42 . 2009-04-10 23:01 205156 ----a-w- c:\windows\system32\atiicdxx.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Update Today Driver Task"="c:\program files\Update Today Driver\1.4.0.2080\InternetToday.exe" [2010-03-03 401871]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-04 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-24 18670592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Morez\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Morez\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56375:TCP"= 56375:TCP:Pando Media Booster
"56375:UDP"= 56375:UDP:Pando Media Booster
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"1119:TCP"= 1119:TCP:StarCraft II
"1119:UDP"= 1119:UDP:StarCraft II

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:31 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/23/2009 7:15 PM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:31]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:31]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-823518204-725345543-1003Core.job
- c:\documents and settings\Morez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 07:46]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-823518204-725345543-1003UA.job
- c:\documents and settings\Morez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 07:46]

2010-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-02 c:\windows\Tasks\User_Feed_Synchronization-{2A9BEE00-73DA-4EAC-8226-66553B5CFDA9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Funband Serach - c:\program files\HandyGamez Toolbar\2.4.0.10440\mvb0.dll/MENUSEARCH.HTM
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Kyinupic - c:\windows\dersd3.dll
HKLM-Run-Tgazib - c:\windows\idilobakamodeta.dll
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 12:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-823518204-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\midimap.dll

- - - - - - - > 'explorer.exe'(1248)
c:\windows\system32\WININET.dll
c:\program files\Xfire\xfire_toucan_43094.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wudfhost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2010-08-02 12:51:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-02 19:51

Pre-Run: 4,453,752,832 bytes free
Post-Run: 4,723,101,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - B731B918D7E67FBD07F20979109727D9

It removed quite a bit.

Did you create this folder
c:\documents and settings\Hiding From Viruses\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74700990-n\msvcr71.dll


You can right click and delete these both
c:\windows\Bruvuticab.dat
c:\windows\Etowulohoqusiw.bin




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

didn't make that file.
done and done.

It did tell me there were things I couldnt remove and it needed to reboot. It did not automaticly start when I rebooted though. This log is from before the reboot.

log here:




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4382

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/2/2010 4:51:43 PM
mbam-log-2010-08-02 (16-51-43).txt

Scan type: Quick scan
Objects scanned: 152443
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.stf (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.stf.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.tcw (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.tcw.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\BrowserZinc (Adware.BrowserZinc) -> No action taken.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{5909fc3d-7f8b-415d-a5d1-7c7e941e536e} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{aa1acb70-b5f1-4037-909e-1f725b04d2a8} (Adware.DoubleD) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Morez\Local Settings\Temporary Internet Files\New_tdf (Adware.DoubleD.Gen) -> No action taken.
C:\Documents and Settings\Morez\Local Settings\Temporary Internet Files\New_tdf\Data (Adware.DoubleD.Gen) -> No action taken.
C:\Documents and Settings\Morez\Local Settings\Temporary Internet Files\New_tdf\Icons (Adware.DoubleD.Gen) -> No action taken.

Files Infected:
C:\Documents and Settings\Morez\My Documents\downloads\handygamez_installer.exe (Adware.DoubleD) -> No action taken.

OK, reboot and run Malwarebytes , this time make sure to fix all thats checked and post a new log, DoubleD is a nasty infection

Let me tell ya, it appears your a gamer, thats fine, but there a lot of bogus sites that target gamers so you need to be real careful, with what the scans are finding this poor computer was almost at deaths door.

Where not done yet, we still need to check deeper and make sure we got it all.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Malwarebytes log (I ran it, rebooted the system then ran it again 4 different times, this is the most recent log):


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4382

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/2/2010 8:59:19 PM
mbam-log-2010-08-02 (20-59-19).txt

Scan type: Quick scan
Objects scanned: 152241
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Morez\Local Settings\temp\1.84\le.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Morez\Local Settings\temp\1.84\le.dll (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\Morez\Local Settings\temp\1.84\cd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morez\Local Settings\temp\1.84\lri.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morez\Local Settings\temp\LRI_v0.0.1.9\lri.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

Double D reappears after each restart.

Here are the OTL logs:

OTL logfile created on: 8/2/2010 9:09:10 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Morez\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 4.44 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NINA
Current User Name: Morez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Morez\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Update Today Driver\1.4.0.2080\InternetToday.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Morez\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Inc.)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (zumbus) -- C:\WINDOWS\system32\drivers\zumbus.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|Morez-iii.mybrute.com/cellule"
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.4.0.2380
FF - prefs.js..extensions.enabledItems: {52ED9673-0722-4A1D-B859-959FD56143DC}:1.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.4.0.5790
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.4.0.2520
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.3.0.3500
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:1.4.0.3500
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/13 12:06:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/04 01:01:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1F834639-5712-4F4C-AD27-5BEFC9E1A1FC}: C:\Documents and Settings\Morez\Local Settings\Application Data\{1F834639-5712-4F4C-AD27-5BEFC9E1A1FC} [2010/08/02 01:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{67759473-D461-487E-A724-1C201BE6F539}: C:\Documents and Settings\Test\Local Settings\Application Data\{67759473-D461-487E-A724-1C201BE6F539} [2010/07/30 11:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/04 01:01:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/06 12:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Mozilla\Extensions
[2010/03/06 12:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morez\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/04/11 01:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morez\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/18 19:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Mozilla\Firefox\Profiles\eravso8j.default\extensions
[2010/01/30 23:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morez\Application Data\Mozilla\Firefox\Profiles\eravso8j.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/07/14 18:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Mozilla\Firefox\Profiles\eravso8j.default\extensions\NPDyyno@dyyno.com
[2010/07/28 17:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/29 00:09:43 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC}
[2010/01/13 12:07:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/01/13 12:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/01 14:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 22:08:48 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/04 01:01:51 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/03 13:48:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/06/04 01:01:59 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/06/04 01:01:48 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

O1 HOSTS File: ([2010/08/02 12:46:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update Today Driver Task] C:\Program Files\Update Today Driver\1.4.0.2080\InternetToday.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Morez\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Morez\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Morez\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239406062373 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.130.130.2 206.130.133.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Morez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Morez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 15:30:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/02 20:59:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morez\Desktop\OTL.exe
[2010/08/02 16:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Application Data\Malwarebytes
[2010/08/02 16:46:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/02 16:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/02 16:46:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/02 16:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/02 16:45:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Morez\Desktop\mbam-setup-1.46.exe
[2010/08/02 16:44:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/02 12:32:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/02 12:28:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/02 12:28:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/02 12:28:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/02 12:28:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/02 12:09:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/02 01:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Local Settings\Application Data\{1F834639-5712-4F4C-AD27-5BEFC9E1A1FC}
[2010/07/29 05:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/29 05:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/28 18:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/07/28 18:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/28 18:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/07/27 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Desktop\New Folder
[2010/07/27 17:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/27 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/27 16:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/27 16:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Desktop\SC2-WingsOfLiberty-enUS-Installer
[2010/07/25 13:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Desktop\Game Stuff
[2010/07/25 13:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Desktop\resume stuff
[2010/07/24 04:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/24 04:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/24 01:34:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Morez\IECompatCache
[2010/07/23 21:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/23 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/23 21:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morez\Local Settings\Application Data\gadednvfn
[2010/07/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/02 21:01:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 20:59:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morez\Desktop\OTL.exe
[2010/08/02 20:59:25 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vpsxonx.sys
[2010/08/02 20:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-823518204-725345543-1003UA.job
[2010/08/02 20:53:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 20:53:53 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1007.job
[2010/08/02 20:53:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1003.job
[2010/08/02 20:53:53 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1006.job
[2010/08/02 20:53:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 20:53:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 20:52:44 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Morez\NTUSER.DAT
[2010/08/02 20:52:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Morez\ntuser.ini
[2010/08/02 20:52:39 | 003,739,548 | -H-- | M] () -- C:\Documents and Settings\Morez\Local Settings\Application Data\IconCache.db
[2010/08/02 18:02:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2A9BEE00-73DA-4EAC-8226-66553B5CFDA9}.job
[2010/08/02 17:42:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1003.job
[2010/08/02 16:46:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 16:46:10 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Morez\Desktop\mbam-setup-1.46.exe
[2010/08/02 12:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-823518204-725345543-1003Core.job
[2010/08/02 12:46:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/02 12:46:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/02 12:32:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/02 11:59:46 | 003,749,250 | R--- | M] () -- C:\Documents and Settings\Morez\Desktop\ComboFix.exe
[2010/08/02 01:39:42 | 000,283,526 | ---- | M] () -- C:\Documents and Settings\Morez\Desktop\SCScrnShot_080210_013942.pcx
[2010/08/02 01:39:38 | 000,284,349 | ---- | M] () -- C:\Documents and Settings\Morez\Desktop\SCScrnShot_080210_013938.pcx
[2010/08/02 00:04:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/31 22:37:21 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1007.job
[2010/07/31 22:37:11 | 000,005,849 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/31 03:54:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1006.job
[2010/07/30 17:58:43 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Morez\Desktop\Google Chrome.lnk
[2010/07/30 17:58:43 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Morez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/29 12:33:24 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/29 12:33:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/29 12:33:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 18:27:54 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/07/28 18:05:10 | 000,469,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/28 18:05:10 | 000,400,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/28 18:05:10 | 000,062,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 16:33:17 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Morez\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/27 16:33:14 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Morez\Desktop\NTREGOPT.lnk
[2010/07/27 16:33:14 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Morez\Desktop\ERUNT.lnk
[2010/07/25 02:45:45 | 000,012,185 | ---- | M] () -- C:\Documents and Settings\Morez\.recently-used.xbel
[2010/07/24 14:40:12 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100731-221856.backup
[2010/07/23 22:48:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/21 12:34:48 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/07/20 00:56:25 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\RESUME2010AT&T.doc
[2010/07/20 00:55:15 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\Application Aid 2010.doc
[2010/07/19 19:56:35 | 000,015,924 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\RESUME2008.doc
[2010/07/19 17:25:56 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraftsalesDOC.doc
[2010/07/19 17:24:35 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraft-wenatcheezip.doc
[2010/07/19 17:24:22 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\RESUME2010bluebird.doc
[2010/07/19 17:24:09 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraftteaching.doc
[2010/07/14 14:03:55 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\coverletterSales.rtf
[2010/07/14 13:21:47 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\coverletterIT.rtf
[2010/07/09 12:04:40 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/07 15:04:20 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraft.doc
[2010/07/06 19:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/07/06 19:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/07/06 18:58:26 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/07/06 18:58:18 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/07/06 18:57:02 | 004,337,664 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/07/06 18:53:00 | 015,499,264 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/07/06 18:50:14 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/07/06 18:48:54 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/07/06 18:47:56 | 000,299,520 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/07/06 18:41:18 | 003,869,952 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/07/06 18:33:00 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/07/06 18:32:48 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/07/06 18:32:40 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/07/06 18:32:34 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/07/06 18:32:24 | 000,159,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/07/06 18:29:56 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/07/06 18:29:22 | 000,063,416 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/07/06 18:29:06 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/07/06 18:28:10 | 002,273,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/07/06 18:27:50 | 000,486,064 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/07/06 18:27:42 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/06 18:27:42 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/06 18:25:48 | 000,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/07/06 18:24:52 | 000,393,216 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/07/06 18:24:06 | 000,184,320 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/07/06 18:23:52 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/07/06 18:19:10 | 000,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/07/06 18:15:58 | 000,065,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/07/06 18:15:58 | 000,065,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/07/06 18:15:22 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/07/04 19:08:43 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Morez\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/04 19:08:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/02 20:59:25 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vpsxonx.sys
[2010/08/02 16:46:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 12:32:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/02 12:32:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/02 12:28:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/02 12:28:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/02 12:28:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/02 12:28:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/02 12:28:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/02 11:59:46 | 003,749,250 | R--- | C] () -- C:\Documents and Settings\Morez\Desktop\ComboFix.exe
[2010/08/02 01:39:42 | 000,283,526 | ---- | C] () -- C:\Documents and Settings\Morez\Desktop\SCScrnShot_080210_013942.pcx
[2010/08/02 01:39:38 | 000,284,349 | ---- | C] () -- C:\Documents and Settings\Morez\Desktop\SCScrnShot_080210_013938.pcx
[2010/08/01 12:26:39 | 000,002,411 | ---- | C] () -- C:\Documents and Settings\Morez\reset.log
[2010/07/30 20:39:07 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1006.job
[2010/07/30 20:39:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1006.job
[2010/07/30 18:38:34 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-823518204-725345543-1007.job
[2010/07/30 18:38:33 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-823518204-725345543-1007.job
[2010/07/29 12:33:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Morez\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/29 12:33:25 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Morez\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/07/29 12:33:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Morez\Start Menu\Programs\Startup\Xfire.lnk
[2010/07/28 18:07:43 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/07/27 20:42:44 | 000,310,108 | ---- | C] () -- C:\Documents and Settings\Morez\MSinfo.txt
[2010/07/27 16:33:14 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Morez\Desktop\NTREGOPT.lnk
[2010/07/27 16:33:14 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Morez\Desktop\ERUNT.lnk
[2010/07/25 02:45:45 | 000,012,185 | ---- | C] () -- C:\Documents and Settings\Morez\.recently-used.xbel
[2010/07/19 20:09:27 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\Application Aid 2010.doc
[2010/07/19 15:47:59 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraftteaching.doc
[2010/07/14 16:30:08 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraftsalesDOC.doc
[2010/07/14 14:03:55 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\coverletterSales.rtf
[2010/07/14 13:21:46 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\coverletterIT.rtf
[2010/07/11 15:31:43 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraft-wenatcheezip.doc
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/07 21:08:14 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/06 16:43:07 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\2010resumeFinalDraft.doc
[2010/07/06 15:00:30 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Morez\My Documents\RESUME2010AT&T.doc
[2010/07/01 15:19:37 | 000,005,849 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/04 01:02:18 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/29 01:14:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/29 01:14:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/29 01:14:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/25 16:57:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/09/12 22:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/03/06 23:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/19 11:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/03/08 00:09:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}
[2009/10/14 14:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/14 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/29 00:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\DNA
[2009/08/29 15:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\DragonicaSCB
[2010/07/25 02:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\gtk-2.0
[2010/04/06 22:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/01/13 12:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\OpenOffice.org
[2009/06/27 18:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Opera
[2010/03/06 23:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Sony
[2010/01/15 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\SystemRequirementsLab
[2010/03/06 12:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Thunderbird
[2009/09/13 00:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morez\Application Data\Turbine
[2010/08/02 18:02:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A9BEE00-73DA-4EAC-8226-66553B5CFDA9}.job

========== Purity Check ==========


< End of report >

The Extras Log wouldnt fit so I made another post for it.
OTL Extras Log:

OTL Extras logfile created on: 8/2/2010 9:09:10 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Morez\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 4.44 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NINA
Current User Name: Morez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56375:TCP" = 56375:TCP:*:Enabled:Pando Media Booster
"56375:UDP" = 56375:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"56375:TCP" = 56375:TCP:*:Enabled:Pando Media Booster
"56375:UDP" = 56375:UDP:*:Enabled:Pando Media Booster
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"1119:TCP" = 1119:TCP:*:Enabled:StarCraft II
"1119:UDP" = 1119:UDP:*:Enabled:StarCraft II

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Documents and Settings\Morez\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Morez\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0323C306-8B8C-BB5F-E644-5BFE9A42A7BF}" = Catalyst Control Center Localization Hungarian
"{054CCA19-DADE-A3C9-171A-8735E23CA6FA}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B21B7E-DC6F-69F0-780F-FE7918726A34}" = Catalyst Control Center Localization Korean
"{106E35DE-FFF3-033A-0D1B-288A231BDE64}" = Catalyst Control Center Localization Russian
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common
"{193DDD97-B56A-511D-0CD6-78D5F421D5BD}" = Catalyst Control Center HydraVision Full
"{19CA0312-BD69-A0DE-D242-BD806E9D627A}" = CCC Help Dutch
"{1A8F390D-E05E-A124-3FB7-89E3E49F81E2}" = CCC Help Polish
"{1B4FC4DB-4ACD-77A1-BA99-C820E5CB68BC}" = CCC Help Chinese Standard
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy
"{25C63E16-5CB9-16E5-A931-8963E5DE8421}" = Catalyst Control Center HydraVision Full
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2BE013D0-4CF4-AA57-05E1-19F9FACCF622}" = CCC Help English
"{2C288961-5ABA-3D23-490F-902F9F11D440}" = Catalyst Control Center Graphics Light
"{2ED57AFF-081D-3B60-0C76-E51F68A9F0D8}" = Catalyst Control Center Localization Polish
"{2F6096CC-7067-489B-ADCE-F1936A1E1D6F}" = League of Legends
"{336D9EAB-B952-6023-C94C-8DE52AD75E7D}" = Catalyst Control Center Localization German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36753DE9-4B0F-1C39-D2C6-D9E9A1814FC3}" = CCC Help Hungarian
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4891561F-8CE7-1162-5967-E741306F7616}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE31F12-E34D-83C1-BA1A-D65AF3BBB95F}" = Catalyst Control Center Localization Spanish
"{4C8E4664-A6A1-4847-61D0-D4FA02C42BB0}" = Skins
"{4CACC1AC-7EDF-4E73-0019-A446CE2CA02B}" = Catalyst Control Center Localization Chinese Standard
"{4F28C8B9-E1A5-7BC1-915A-29913E129042}" = Catalyst Control Center Localization Japanese
"{4F73512F-90DF-4BF2-FCF9-0E5C83996136}" = ccc-core-preinstall
"{56D1E9E5-204A-E468-DAC1-644C9CB2DC65}" = Catalyst Control Center Core Implementation
"{57B2B2E4-A1D5-1097-C223-6A4E81554458}" = Catalyst Control Center Localization Danish
"{5BE36E29-4207-2D14-1413-DF103390CC19}" = CCC Help French
"{5D2B8C32-D051-0DB0-D8BD-5CA32E13723B}" = CCC Help Swedish
"{5E85647B-DAF4-E174-9954-210D18B123E6}" = Catalyst Control Center Localization Thai
"{63CA4C0D-7C03-69FE-AE5D-96319AD6AA08}" = CCC Help Norwegian
"{667B8F35-6242-50D3-D69E-69D3BE5445D5}" = Catalyst Control Center Localization Finnish
"{6755AF4B-6C06-44B3-8E7C-1E24EBD0616A}" = HandyGamez Toolbar
"{6A6818AD-60CE-9346-60BB-0717876E40F4}" = ccc-core-preinstall
"{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English
"{6DAC0917-50F5-7F70-9776-4215DA7E2D1B}" = CCC Help German
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7600B3FE-F267-D350-3BA1-9E6874B8E536}" = ccc-utility
"{76E3C633-BC8E-E33D-8774-4A3DF581C8FE}" = CCC Help Portuguese
"{788F45B5-816D-2294-33DD-BF080093D54D}" = Catalyst Control Center Graphics Previews Common
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79A636B4-3FA8-1E2F-A85D-6B6A4A0DA43D}" = CCC Help Russian
"{7A14BF33-11BF-033B-02CC-732A30C09314}" = Catalyst Control Center Localization Greek
"{7C7575F4-351D-8F62-5693-61D6E0171F85}" = CCC Help Korean
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81D8048B-5900-526C-4443-8290C5D76759}" = CCC Help English
"{82D1C246-2D78-5311-8D3F-8214B94EEFA4}" = CCC Help Turkish
"{85B4D6CC-ADF6-A78F-1463-F70C2E274849}" = CCC Help Finnish
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A183127-7EDB-B2DD-7D87-70FBFA3A33C1}" = Catalyst Control Center Localization Portuguese
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B35E3B4-0E9B-ED12-F102-EB8160DD1F46}" = Catalyst Control Center Localization Swedish
"{8FD6CA17-DB2B-9411-CEF5-B899DCBAB685}" = CCC Help Danish
"{90D73DED-670E-BE24-C645-C4D546A1F2C3}" = CCC Help Spanish
"{9210C991-FE28-2B30-3E27-0F921AB5B9EC}" = Catalyst Control Center Localization Chinese Traditional
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{926D18B2-11B5-7210-621A-5231DC005705}" = CCC Help Czech
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B0CCE51-B328-D4F7-C4A4-65723AF20574}" = Catalyst Control Center Core Implementation
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A00E5C2A-C348-000B-D8D3-45313B6C6A1B}" = Catalyst Control Center InstallProxy
"{A13C84F5-B2FC-823B-ADB2-6F5B2A6EE9DE}" = ccc-utility
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7BE7658-4DB4-42D0-A128-C525C4A32703}" = InstallIQ Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC50CB60-7D5A-5953-6A38-496E08B9433C}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B70E4F29-F9C9-4D32-80F3-6E24ED1DBCDF}" = Catalyst Control Center Localization Norwegian
"{B9C149DB-E4F6-573A-DF3B-B9E392F1BA64}" = CCC Help Thai
"{BDC209E0-8D38-F913-5246-4376FC4C3EF5}" = Catalyst Control Center Localization French
"{C2274248-9536-B9E2-0886-84BF1F292219}" = ATI Catalyst Install Manager
"{C56C4023-6B2E-7F8A-C72F-655089BFEA81}" = Catalyst Control Center Graphics Previews Common
"{C73B3D3A-2FDC-EE8F-F0E5-0269A85014D3}" = Catalyst Control Center Graphics Light
"{C75C6783-CD7D-AF45-43B4-2885A3948318}" = Catalyst Control Center Graphics Full New
"{C8C08FE3-05DC-7A8B-C23B-9276FFE21183}" = Catalyst Control Center Localization Dutch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D00A7B31-C764-94AF-7915-87676458CC66}" = Catalyst Control Center Localization Turkish
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4B95A0D-CF13-633F-09A6-15D78B24F3AE}" = CCC Help Chinese Traditional
"{D9509DDD-74B4-A7CB-3669-7358BEE3C1AC}" = ccc-core-static
"{E46B244B-9BF2-EA75-2D4C-7BD0BA12860A}" = CCC Help Japanese
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA5C28E2-3048-5BC5-67C4-E0BB33C60FDA}" = Catalyst Control Center Localization Czech
"{ECA89BA0-1C9B-237D-F59E-EC62534831A5}" = Catalyst Control Center Graphics Full New
"{ECB29C3B-4D64-17C0-430D-DEB933D76834}" = CCC Help Greek
"{ED862528-0058-F09F-F4B3-3E3276A3F3C7}" = Catalyst Control Center Graphics Full Existing
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Diablo II" = Diablo II
"ERUNT_is1" = ERUNT 1.1j
"HandyGamez Toolbar" = HandyGamez Toolbar
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"RealPlayer 12.0" = RealPlayer
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Wakfu" = Wakfu
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xfire" = Xfire (remove only)
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2010 6:59:45 AM | Computer Name = NINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/2/2010 6:59:45 AM | Computer Name = NINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/2/2010 11:20:12 AM | Computer Name = NINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/2/2010 11:20:12 AM | Computer Name = NINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/2/2010 2:59:03 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 8/2/2010 3:07:59 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 8/2/2010 3:46:35 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 8/2/2010 7:53:11 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 8/2/2010 8:02:59 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 8/2/2010 11:53:55 PM | Computer Name = NINA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 48bd603c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 edf, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

[ System Events ]
Error - 8/1/2010 11:52:44 PM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BrowserZinc Service service
to connect.

Error - 8/2/2010 4:36:14 AM | Computer Name = NINA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/2/2010 4:36:14 AM | Computer Name = NINA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/2/2010 4:37:23 AM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BrowserZinc Service service
to connect.

Error - 8/2/2010 2:59:11 PM | Computer Name = NINA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/2/2010 2:59:11 PM | Computer Name = NINA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/2/2010 3:00:19 PM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BrowserZinc Service service
to connect.

Error - 8/2/2010 3:08:09 PM | Computer Name = NINA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/2/2010 3:08:09 PM | Computer Name = NINA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/2/2010 3:09:16 PM | Computer Name = NINA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BrowserZinc Service service
to connect.


< End of report >

No problem with the extra post, next time we run OTL we dont need the extras log.

This should get rid of DoubleD

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

I'll have to make a second post this file is about 700 characters too long.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2010 at 02:50 AM

Application Version : 4.41.1000

Core Rules Database Version : 5307
Trace Rules Database Version: 3119

Scan type : Complete Scan
Total Scan Time : 00:24:29

Memory items scanned : 456
Memory threats detected : 1
Registry items scanned : 5133
Registry threats detected : 1
File items scanned : 24518
File threats detected : 510

Trojan.Agent/Gen-InternetToday
C:\PROGRAM FILES\UPDATE TODAY DRIVER\1.4.0.2080\INTERNETTODAY.EXE
C:\PROGRAM FILES\UPDATE TODAY DRIVER\1.4.0.2080\INTERNETTODAY.EXE
[Update Today Driver Task] C:\PROGRAM FILES\UPDATE TODAY DRIVER\1.4.0.2080\INTERNETTODAY.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Morez\Cookies\morez@atdmt[2].txt
a.ads2.msads.net [ C:\Documents and Settings\Hiding From Viruses\Application Data\Macromedia\Flash Player\#SharedObjects\ZRCKBZL7 ]
b.ads2.msads.net [ C:\Documents and Settings\Hiding From Viruses\Application Data\Macromedia\Flash Player\#SharedObjects\ZRCKBZL7 ]
cdn4.specificclick.net [ C:\Documents and Settings\Hiding From Viruses\Application Data\Macromedia\Flash Player\#SharedObjects\ZRCKBZL7 ]
ia.media-imdb.com [ C:\Documents and Settings\Hiding From Viruses\Application Data\Macromedia\Flash Player\#SharedObjects\ZRCKBZL7 ]
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@ad.wsod[2].txt
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@xfire.adbureau[2].txt
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@kontera[2].txt
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@atdmt[2].txt
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@msnportal.112.2o7[1].txt
C:\Documents and Settings\Hiding From Viruses\Cookies\hiding_from_viruses@invitemedia[1].txt
cdn4.specificclick.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4YB52KCN ]
core.insightexpressai.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4YB52KCN ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4YB52KCN ]
a.ads2.msads.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
accounts.key.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
ads2.msads.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
b.ads2.msads.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
banners.securedataimages.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
cache.specificmedia.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
cds017.sj1.media.scanscout.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
content.oddcast.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
convoad.technoratimedia.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
core.insightexpressai.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
ec.atdmt.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
flvtools.spacash.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
i.adultswim.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
ia.media-imdb.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
interclick.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
lsftmedia.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
m1.2mdn.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media-macys.pictela.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media.khou.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media.mtvnservices.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media.scanscout.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media.socialvibe.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media.xfire.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media01.kyte.tv [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
media1.break.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
msnbcmedia.msn.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
msntest.serving-sys.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
naiadsystems.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
objects.tremormedia.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
s0.2mdn.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
serving-sys.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
sex.healthguru.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
spe.atdmt.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
udn.specificclick.net [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
vidii.hardsextube.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
www.adultswim.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
www.gofuckthat.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
www.naiadsystems.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
www.pornnect.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
www.sextube.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
wwwstatic.megaporn.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
xxxbunker.com [ C:\Documents and Settings\Morez\Application Data\Macromedia\Flash Player\#SharedObjects\VT865GGX ]
C:\Documents and Settings\Morez\Cookies\morez@video.adultswim[2].txt
C:\Documents and Settings\Morez\Cookies\morez@a1.interclick[2].txt
C:\Documents and Settings\Morez\Cookies\morez@bluestreak[1].txt
C:\Documents and Settings\Morez\Cookies\morez@specificmedia[2].txt
C:\Documents and Settings\Morez\Cookies\morez@revsci[2].txt
.atdmt.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnbc.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wjnyopcpiho.stats.esomniture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.qsstats.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wjk4gjdzggo.stats.esomniture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.marthastewart.122.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.steelhousemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.steelhousemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kanoodle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kanoodle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.afaservice.122.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ice.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
sex.healthguru.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.sex.healthguru.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.sex.healthguru.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.sex.healthguru.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.edgeadx.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.chicagosuntimes.122.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.warnerbros.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eaeacom.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.charter2.db.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.top.ge [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.top.ge [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.top.ge [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.top.ge [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.spylog.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.openstat.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.surfcounters.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
web4.realtracker.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.answerstv.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.healthgrades.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.medhelpinternational.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.medhelp.org [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.videoegg.adbureau.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.xfire.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.xfire.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.xfire.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.demandwarecrocs.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.crackle.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.keybank.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
server.iad.liveperson.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wjkyekdjebo.stats.esomniture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wfmigkd5gcq.stats.esomniture.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.target.db.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myaccount.turbine.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myaccount.turbine.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myaccount.turbine.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
anime-porn-videos.zipthumbs.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
myvideoporntube.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
myvideoporntube.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.tlvmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.game-advertising-online.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lockedonmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.highbeam.122.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstbeacon.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstbeacon.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.intermundomedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.intermundomedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
banner.adchemy.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
banner.adchemy.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
banner.adchemy.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.associatedcontent.112.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
tracking.hearthstoneonline.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn.mythingsmedia.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn.mythingsmedia.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
pixel.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adecn.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn1.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn1.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
network.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.network.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cdn4.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\Y4JXPTYL ]
a.ads2.msads.net [ C:\Documents and Settings\Test\Application Data\Macromedia\Flash Player\#SharedObjects\W6FTYK7V ]
b.ads2.msads.net [ C:\Documents and Settings\Test\Application Data\Macromedia\Flash Player\#SharedObjects\W6FTYK7V ]
C:\Documents and Settings\Test\Cookies\test@ad.wsod[2].txt
C:\Documents and Settings\Test\Cookies\test@atdmt[1].txt
C:\Documents and Settings\Test\Cookies\test@msnportal.112.2o7[1].txt

Adware.DoubleD
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\bin\mvbup.exe
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\bin
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Cache\default1.dat
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Cache\loading.dat
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Cache\loading.gif
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Cache
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_Logo.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_Option.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_RSS.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_Search.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_Smiley_Config.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_Smiley_TellAFriend.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_01.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_02.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_03.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_04.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_05.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_06.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\Module_WebDropdown_07.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\pixel.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\ProductInfo.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\profile.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\SearchEngineList.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\tbcore.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\ToolbarLayout.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\UpdateCentre.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data\UpdateCentreBk.mx
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Data
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\About.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Component_ComboBox.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_Logo.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_Option.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_Option_Menu.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_RSS.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_RSS.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_RSS_Menu.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_RSS_Menu.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_Search.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_01.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_01.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_02.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_02.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_03.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_03.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_04.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_04.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_05.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_05.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_06.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_06.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_07.mg
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons\Module_WebDropdown_07.png
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Icons
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Skins\myskin1.skf
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Skins\myskin2.skf
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Skins\myskin3.skf
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Skins\myskin4.skf
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440\Skins
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR\2.4.0.10440
C:\Documents and Settings\Morez\Local Settings\Application Data\HANDYGAMEZ TOOLBAR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\3A0AAFF0\B94081D6\MVBSVC.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\75918810\B94081D6\MVBAPP.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\93CE9E2B\B94081D6\MVBASST.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\MFILEBAGIDE.DLL\BAG\MVBPX.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100799.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100807.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100811.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100825.DLL

Application.Agent/Gen-TempZ
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\MFILEBAGIDE.DLL\BAG\MVBTERM.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\DOCUMENTS AND SETTINGS\MOREZ\LOCAL SETTINGS\TEMP\1.84\LE.DLL

Adware.OneStep/PotentiallyUnwantedProgram
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100774.DLL

Trojan.Agent/Gen-Cryptor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100851.EXE

Did you have SuperAntiSpyware remove everything, there was some nasty stuff in there that does not look like it was removed

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

If you have not done that then you need to run the scan again, that stuff needs to go

I got everything but 16 items under Adware that keeps showing up every time I scan. Here's the most recent log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2010 at 12:20 PM

Application Version : 4.41.1000

Core Rules Database Version : 5307
Trace Rules Database Version: 3119

Scan type : Complete Scan
Total Scan Time : 00:24:30

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 5132
Registry threats detected : 0
File items scanned : 24519
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\Morez\Cookies\morez@atdmt[2].txt
.content.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Morez\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Looks like the first run of SAS got it all, what the second scan found where just tracking, no real way around them. You can set your browsers to not accept cookies but if you do you will not be able to access most sites.

How are things running now ?

So much better.

Hi,

Thats great, run this free online virus scanner and lets make sure we didn't miss anything

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9909f1e4032a2b4a8141de3ebfabc5a0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-06 07:25:12
# local_time=2010-08-06 12:25:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81183
# found=86
# cleaned=86
# scan_time=3171
C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\mFileBagIDE.dll\bag\stfsetup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\mFileBagIDE.dll\bag\tcwsetup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{2FC825F2-8DED-4638-97B9-5C438EDA9CB6}\OFFLINE\mFileBagIDE.dll\bag\utdsetup.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Live Access Operator\4.4.0.5790\laopx.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Update Today Driver\1.4.0.2080\ITConfigMgr.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Update Today Driver\1.4.0.2080\PixelLogExe.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\BrowserZinc\browserzinc151.exe.vir a variant of Win32/Adware.OneStep.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Advanced Entry Provider\4.4.0.2380\AEPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Advanced Entry Provider\4.4.0.2380\AEPpx.exe.vir a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Live Access Operator\4.4.0.5790\LAOIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Real Search Enhancer\4.4.0.2520\RSE.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Real Search Enhancer\4.4.0.2520\RSEpx.exe.vir a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Simplified Textual Finder\1.4.0.3500\LRI.dll.vir Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Simplified Textual Finder\1.4.0.3500\STFIE.dll.vir Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Simplified Textual Finder\1.4.0.3500\stfpx.exe.vir a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Simplified Textual Finder\1.4.0.3500\FF\components\LRI.dll.vir Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Simplified Textual Finder\1.4.0.3500\FF\components\STFFFAddOn.dll.vir Win32/Adware.DoubleD.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Targeted Content Wizard\1.4.0.3500\TCWIE.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Targeted Content Wizard\1.4.0.3500\tcwpx.exe.vir a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Targeted Content Wizard\1.4.0.3500\FF\components\TCWFFAddOn.dll.vir a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\dersd3.dll.vir a variant of Win32/Kryptik.FRD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\idilobakamodeta.dll.vir a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAegexyrbvsi\pragmabbr.dll.vir a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAegexyrbvsi\PRAGMAc.dll.vir a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAegexyrbvsi\PRAGMAd.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAegexyrbvsi\pragmaserf.dll.vir a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\disk.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP445\A0097960.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP445\A0097963.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP448\A0100257.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP449\A0100288.dll Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100738.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100772.exe a variant of Win32/Adware.OneStep.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100775.exe a variant of Win32/Adware.OneStep.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100781.dll a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100782.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100783.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100784.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100785.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100788.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100789.exe a variant of Win32/Adware.OneStep.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100800.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100802.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100805.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100810.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100813.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100816.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100817.dll Win32/Adware.DoubleD.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100818.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100819.dll Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100820.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100824.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100826.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100828.dll a variant of Win32/Kryptik.FRD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100829.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100831.dll a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100832.dll a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100834.sys a variant of Win32/Rootkit.Kryptik.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100835.dll a variant of Win32/Kryptik.EXT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100836.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100837.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100838.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100840.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100844.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100845.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100846.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100852.dll Win32/Adware.DoubleD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP453\A0100856.exe Win32/TrojanDownloader.Prodatect.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP454\A0100995.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP454\A0100996.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP454\A0100997.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP454\A0100998.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP454\A0100999.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101073.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101074.dll probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101075.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101076.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101077.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101078.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101079.dll a variant of Win32/Adware.DoubleD.AK application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7C7DC31-52A1-4C8E-854F-79348B6E8532}\RP458\A0101080.exe a variant of Win32/Adware.DoubleD.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Good Morning,

Out of the the 86 items found only 8 where ones the other scans didn't remove, the rest where backups of what Combofix removed and the some where in your System Restore program.

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.


Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.


Reboot your computer

Turn ON System Restore.


Right-click My Computer.
ClickProperties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.


Create a new Restore Point <-- Very Important


Go to Start> All Programs> Assesories> System Tools> System Restore and create a New Restore Point

System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it



Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.



Let me know if you feel things are ok ?

Did all of that. Computer seems to be running much more smoothly, thank you!

So do I turn teatimer back on and just use spybot or are there other antivirus programs you recomend running?

Great,

I am providing a list of recommendations and free programs to install, one of them is SpywareBlaster, it does the same thing as the teatimer in Spybot so if you re enable the teatimer dont install SpywareBlaster



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

Ok, thank you for your help!

Your very welcome :)