PDA

View Full Version : Unknown Issue - Kills Generic Host process for Win32 Services


LoginFailed
2010-12-03, 06:24
Issues: after a few minutes of a browser being opened somethings kills a generic Win32 process. No new programs can be opened and any new pages on the open browser will not load. Computer can only be shut down by holding the power button down.

Thanks


DDS (Ver_10-11-27.01) - NTFSx86
Run by RM at 13:43:22.81 on Thu 12/02/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.881 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\RM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\RM\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - Verizon Broadband Toolbar
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [Google Update] "c:\documents and settings\rm\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
StartupFolder: c:\docume~1\raymon~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Gamma.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MozyHome Status.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Web Connector.lnk.disabled
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks enterprise solutions 9.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raymon~1\applic~1\mozilla\firefox\profiles\gyxikd6l.default\
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\rm\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-8 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-21 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-24 1247600]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-14 38224]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-6-24 19020]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 APPSTREAM;APPSTREAM;\??\c:\windows\system32\drivers\appstream.sys --> c:\windows\system32\drivers\APPSTREAM.SYS [?]
S4 Coomlgdgt;Coomlgdgt; [x]
S4 REGHOOK;REGHOOK;\??\c:\windows\system32\drivers\reghook.sys --> c:\windows\system32\drivers\REGHOOK.SYS [?]
S4 VSPD;VSPD;\??\c:\windows\system32\drivers\vspd.sys --> c:\windows\system32\drivers\VSPD.SYS [?]

=============== Created Last 30 ================

2010-11-27 23:40:19 234 ----a-w- c:\docume~1\raymon~1\applic~1\sdhkryu.bat
2010-11-21 23:08:03 -------- d-----w- c:\docume~1\raymon~1\applic~1\AVG9
2010-11-12 14:56:51 -------- d-----w- c:\docume~1\raymon~1\applic~1\CoffeeCup Software
2010-11-12 14:55:49 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-11-12 14:55:48 -------- d-----w- c:\program files\CoffeeCup Software
2010-11-07 04:02:42 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-07 04:02:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-07 04:01:22 -------- d-----w- c:\program files\iPod
2010-11-07 04:01:18 -------- d-----w- c:\program files\iTunes
2010-11-07 04:01:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-07 03:57:48 -------- d-----w- c:\program files\Bonjour
2010-11-04 17:57:59 -------- d--h--r- c:\program files\Skype

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST910021AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A73F446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a745504]; MOV EAX, [0x8a745580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7A3AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x8A8009E0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7AD940]
\Driver\atapi[0x8A7929B8] -> IRP_MJ_CREATE -> 0x8A73F446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST910021AS______________________________8.04____#5&2e5a1c11&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A73F292
user != kernel MBR !!!
sectors 195371566 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 13:45:35.56 ===============

I am now also getting redirected to search sites by clicking links within google.
Blade81
2010-12-08, 09:58
Please post contents of fresh DDS logs (dds.txt & attach.txt).
LoginFailed
2010-12-10, 00:13
Attached are copies of the reports as requested. Also, spybot results


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Common Dialogs: History (11 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\secure-us.imrworldwide.com\_ggCvar.sol
Properties.size=74
Properties.md5=591FB225512DBD62491EA211587889A7
Properties.filedate=1291877035
Properties.filedatetext=2010-12-09 01:43:54

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\secure-us.imrworldwide.com\_ggCvar_temp.sol
Properties.size=79
Properties.md5=3E4FFB90E2B5D06A4BAFF7695638D4B3
Properties.filedate=1291877035
Properties.filedatetext=2010-12-09 01:43:54

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\secure-us.imrworldwide.com\_ggMCvar_1.sol
Properties.size=74
Properties.md5=60FFFF7685BA1AA1487A5D91B4D9C50D
Properties.filedate=1291877035
Properties.filedatetext=2010-12-09 01:43:55

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\static.scanscout.com\com.quantserve.sol
Properties.size=72
Properties.md5=46735F2275C0CB79DF6294BC146003EF
Properties.filedate=1291877024
Properties.filedatetext=2010-12-09 01:43:43

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\vdassets.bitgravity.com\acudeoSession.sol
Properties.size=103
Properties.md5=C86D0C3A61F10B40B3E892C3BFCB4FF7
Properties.filedate=1291877089
Properties.filedatetext=2010-12-09 01:44:48

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\vdassets.bitgravity.com\com.quantserve.sol
Properties.size=72
Properties.md5=476117A7E45F724F93D2A8C9BAD4958B
Properties.filedate=1291877023
Properties.filedatetext=2010-12-09 01:43:43

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\www.mevio.com\acudeoSession.sol
Properties.size=93
Properties.md5=92144444C099A82DE4964374A33EC513
Properties.filedate=1291876926
Properties.filedatetext=2010-12-09 01:42:06

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\www.mevio.com\com.quantserve.sol
Properties.size=73
Properties.md5=AD64DF1B87A8391FA028902556896217
Properties.filedate=1291876918
Properties.filedatetext=2010-12-09 01:41:58

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\67.15.218.106\RMM_PVP.sol
Properties.size=71
Properties.md5=D6FC25E4DC989A658387AE9AFDBFBA42
Properties.filedate=1291625184
Properties.filedatetext=2010-12-06 03:46:24

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\admin.brightcove.com\acudeoSession.sol
Properties.size=68
Properties.md5=0CCC5633A8D82C05E16D4CC5331BDBE0
Properties.filedate=1291914891
Properties.filedatetext=2010-12-09 12:14:51

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\admin.brightcove.com\com.conviva.livePass.sol
Properties.size=123
Properties.md5=AE5EF84266E71B200CC65E33C5E9BD46
Properties.filedate=1291612781
Properties.filedatetext=2010-12-06 00:19:40

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\admin.brightcove.com\com.quantserve.sol
Properties.size=70
Properties.md5=521F1F4264D29088E612EF4640C9C9A3
Properties.filedate=1291620723
Properties.filedatetext=2010-12-06 02:32:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\ak.c.ooyala.com\adsets.sol
Properties.size=53
Properties.md5=B29BF547FD610BF8BDA1796885EF9CD9
Properties.filedate=1291872389
Properties.filedatetext=2010-12-09 00:26:29

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\cdn.visiblemeasures.com\configData.sol
Properties.size=315
Properties.md5=323ADE92ED4651514C7B9345737ABBA9
Properties.filedate=1291619164
Properties.filedatetext=2010-12-06 02:06:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\cdn.visiblemeasures.com\sessionData.sol
Properties.size=137
Properties.md5=46D216E952D468F21793ACD240B8C7AF
Properties.filedate=1291619165
Properties.filedatetext=2010-12-06 02:06:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\cdn.visiblemeasures.com\userData.sol
Properties.size=97
Properties.md5=56C6C0E90DBDA13B308BC4AB520925A0
Properties.filedate=1291619165
Properties.filedatetext=2010-12-06 02:06:05

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\cdn1.telemetryverification.net\dbg.sol
Properties.size=53
Properties.md5=D6510CCF6BEDF7E6DD3DE29A8E0EE4AF
Properties.filedate=1291924102
Properties.filedatetext=2010-12-09 14:48:21

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\cdn1.telemetryverification.net\mb.sol
Properties.size=159
Properties.md5=AD91B5F4B634666DDD410EC15E2B5FEC
Properties.filedate=1291924473
Properties.filedatetext=2010-12-09 14:54:32

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\crackle.com\crackleSettings.sol
Properties.size=54
Properties.md5=ED2C8069F94483CD38ADD1FB72D9BA5D
Properties.filedate=1291756028
Properties.filedatetext=2010-12-07 16:07:08

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\flash.quantserve.com\com.quantserve.sol
Properties.size=51
Properties.md5=D093A9D60A000D66B58C96D5EFEB4BF4
Properties.filedate=1291619139
Properties.filedatetext=2010-12-06 02:05:39

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\i2.current.com\analytics.sol
Properties.size=414
Properties.md5=628804EA4F3592817FABED102C150576
Properties.filedate=1291619163
Properties.filedatetext=2010-12-06 02:06:03

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\i2.current.com\com.quantserve.sol
Properties.size=51
Properties.md5=EA0C356EC701634230DA994C39773A98
Properties.filedate=1291619139
Properties.filedatetext=2010-12-06 02:05:39

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\i2.current.com\currentPlaylistStore.sol
Properties.size=4092
Properties.md5=39420F95B1A8CF849BAB3DC9467EFB5E
Properties.filedate=1291619082
Properties.filedatetext=2010-12-06 02:04:42

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\img3.video.s-msn.com\msn-v5-0.sol
Properties.size=78
Properties.md5=FF58EFA976CCCED2795B7CF6F79B24B1
Properties.filedate=1291747402
Properties.filedatetext=2010-12-07 13:43:21

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\is1.j.tv2n.net\dbg.sol
Properties.size=50
Properties.md5=4A8AEE7A574453207FF87E0070D1833C
Properties.filedate=1291637642
Properties.filedatetext=2010-12-06 07:14:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\is1.j.tv2n.net\mb.sol
Properties.size=159
Properties.md5=E2FE38674C5696136577CCE10EB374C0
Properties.filedate=1291637648
Properties.filedatetext=2010-12-06 07:14:08

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\com.quantserve.sol
Properties.size=73
Properties.md5=74424A1FF1EA67BB07B30115ECC7E50A
Properties.filedate=1291921748
Properties.filedatetext=2010-12-09 14:09:08

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media1.break.com\break.sol
Properties.size=64
Properties.md5=1441FB2DC62AAF96B45BFCCBB9BD6374
Properties.filedate=1291615848
Properties.filedatetext=2010-12-06 01:10:47

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\objects.tremormedia.com\com.quantserve.sol
Properties.size=51
Properties.md5=EA0C356EC701634230DA994C39773A98
Properties.filedate=1291870562
Properties.filedatetext=2010-12-08 23:56:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\objects.tremormedia.com\com.tremormedia.acudeocomponent.sol
Properties.size=162
Properties.md5=5AFEC9D00F7975CD8893355DF89590D5
Properties.filedate=1291870562
Properties.filedatetext=2010-12-08 23:56:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\p.ooyala.com\auth.sol
Properties.size=70
Properties.md5=315ABE9D6051ED3FC3E0483C4DB52315
Properties.filedate=1291872366
Properties.filedatetext=2010-12-09 00:26:05

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\p.ooyala.com\auth2.sol
Properties.size=188
Properties.md5=7AC9454550C4603536C5B869560F723F
Properties.filedate=1291872389
Properties.filedatetext=2010-12-09 00:26:29

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\p.ooyala.com\perf.sol
Properties.size=122
Properties.md5=A413310A163B33C032D430579D6588AC
Properties.filedate=1291872425
Properties.filedatetext=2010-12-09 00:27:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\p1.soundcloud.com\analytics.sol
Properties.size=472
Properties.md5=5B7A3F9FB0CE3F7BEBB7DAB4F576BEEB
Properties.filedate=1291732382
Properties.filedatetext=2010-12-07 09:33:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\pfiles.5min.com\analytics.sol
Properties.size=457
Properties.md5=BE0CF265146F58137CD11BAF7D6C8530
Properties.filedate=1291924430
Properties.filedatetext=2010-12-09 14:53:49

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\player.videopublishing.com\acudeoSession.sol
Properties.size=229
Properties.md5=59769B783FEF55D6E26C5455990FB059
Properties.filedate=1291915036
Properties.filedatetext=2010-12-09 12:17:16

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\player.videopublishing.com\com.quantserve.sol
Properties.size=73
Properties.md5=48A8A829CF832F92A2E2ABC7B0AB9F6C
Properties.filedate=1291609525
Properties.filedatetext=2010-12-05 23:25:25

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\player.videopublishing.com\com.videopublishing.sol
Properties.size=51
Properties.md5=6294354C95DD98DE3B4D9D98AD825A6B
Properties.filedate=1291609549
Properties.filedatetext=2010-12-05 23:25:48

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\player.videopublishing.com\InnovidExtension.sol
Properties.size=147
Properties.md5=6E1CFAA732AED9CC0DE74719B22CADFD
Properties.filedate=1291915036
Properties.filedatetext=2010-12-09 12:17:16

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1291619202
Properties.filedatetext=2010-12-06 02:06:41

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\secure-us.imrworldwide.com\_ggCvar.sol
Properties.size=74
Properties.md5=8A90C4CDC2A999BCF9410590C4EF28DA
Properties.filedate=1291614054
Properties.filedatetext=2010-12-06 00:40:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\secure-us.imrworldwide.com\_ggCvar_temp.sol
Properties.size=79
Properties.md5=243949C65DBECD05FC0EFB77A5B854B1
Properties.filedate=1291614054
Properties.filedatetext=2010-12-06 00:40:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\secure-us.imrworldwide.com\_ggMCvar_1.sol
Properties.size=74
Properties.md5=8DF2DE1D8D5D98947E599490DAC450F8
Properties.filedate=1291933269
Properties.filedatetext=2010-12-09 17:21:09

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\serve.a-widget.com\analytics.sol
Properties.size=257
Properties.md5=079D2681765CD3AA337D511BFB358C57
Properties.filedate=1291924232
Properties.filedatetext=2010-12-09 14:50:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\static.scanscout.com\com.quantserve.sol
Properties.size=72
Properties.md5=CF147CCE629F03C3E0C10FFB795228C3
Properties.filedate=1291612669
Properties.filedatetext=2010-12-06 00:17:48

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\static.taaz.com\ivillage.sol
Properties.size=39
Properties.md5=0FDF536D3B388EED9EAECA32B3788A8C
Properties.filedate=1291904475
Properties.filedatetext=2010-12-09 09:21:15

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\static.taaz.com\loggedRPCRequests.sol
Properties.size=144
Properties.md5=B252D24DEA4BC88D1FBA9DC6C289418B
Properties.filedate=1291904476
Properties.filedatetext=2010-12-09 09:21:15

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\static2.filmannex.com\acudeoSession.sol
Properties.size=68
Properties.md5=C2BB42452F8EDF33B1BC155E88E812B2
Properties.filedate=1291748861
Properties.filedatetext=2010-12-07 14:07:40

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\static2.filmannex.com\com.quantserve.sol
Properties.size=72
Properties.md5=0599DB720FCFED8993D1BD17851EE61F
Properties.filedate=1291610823
Properties.filedatetext=2010-12-05 23:47:02

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\vdassets.bitgravity.com\acudeoSession.sol
Properties.size=93
Properties.md5=CFD65E63531135CFE39272BC2DE9CE47
Properties.filedate=1291935044
Properties.filedatetext=2010-12-09 17:50:43

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\vdassets.bitgravity.com\com.quantserve.sol
Properties.size=73
Properties.md5=4954EEF34D1B8A37BAD9761C73565D08
Properties.filedate=1291612578
Properties.filedatetext=2010-12-06 00:16:17

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\vizu.com\acUserData.sol
Properties.size=1189
Properties.md5=5BF54435E7ABBEF974DA9CFF5FAD4920
Properties.filedate=1291920101
Properties.filedatetext=2010-12-09 13:41:41

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.babelgum.com\com.quantserve.sol
Properties.size=72
Properties.md5=DAAE6A85359560FD73ADA7FE0E22E011
Properties.filedate=1291732107
Properties.filedatetext=2010-12-07 09:28:26

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.blinkx.com\acudeoSession.sol
Properties.size=93
Properties.md5=9D8D30FE29F2DCEB24D55DFC4FCE06A1
Properties.filedate=1291730585
Properties.filedatetext=2010-12-07 09:03:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.blinkx.com\com.quantserve.sol
Properties.size=72
Properties.md5=CFBE40C8995566C984010572027944D6
Properties.filedate=1291730439
Properties.filedatetext=2010-12-07 09:00:38

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.blogtv.com\blogtvData.sol
Properties.size=52
Properties.md5=2F674DBEDAD933190FB59DA394D1DB65
Properties.filedate=1291906930
Properties.filedatetext=2010-12-09 10:02:10

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.bravotv.com\5c66bb00-6bd7-11dd-ad8b-0800200c9a67.sol
Properties.size=339
Properties.md5=92478433A63DD24B29DAE74CDAB0453F
Properties.filedate=1291732596
Properties.filedatetext=2010-12-07 09:36:36

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.dailymotion.com\com_auditude_ads.sol
Properties.size=115
Properties.md5=184773C98D934053D989B91FD92EB1C5
Properties.filedate=1291921680
Properties.filedatetext=2010-12-09 14:07:59

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.mevio.com\acudeoSession.sol
Properties.size=121
Properties.md5=BC0660E30AB3A79451A83BC66EC3BE91
Properties.filedate=1291760811
Properties.filedatetext=2010-12-07 17:26:51

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.mevio.com\com.quantserve.sol
Properties.size=73
Properties.md5=DBE017CA830D9C94A8C2BD5C521F9D4F
Properties.filedate=1291611004
Properties.filedatetext=2010-12-05 23:50:04

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\67.15.218.106\RMM_PVP.sol
Properties.size=71
Properties.md5=D6FC25E4DC989A658387AE9AFDBFBA42
Properties.filedate=1291769721
Properties.filedatetext=2010-12-07 19:55:20

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\ak.c.ooyala.com\adsets.sol
Properties.size=53
Properties.md5=B29BF547FD610BF8BDA1796885EF9CD9
Properties.filedate=1291753178
Properties.filedatetext=2010-12-07 15:19:38

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\bandtools.nabbr.com\com.quantserve.sol
Properties.size=51
Properties.md5=EA0C356EC701634230DA994C39773A98
Properties.filedate=1291926970
Properties.filedatetext=2010-12-09 15:36:10

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\flash.quantserve.com\com.quantserve.sol
Properties.size=51
Properties.md5=D093A9D60A000D66B58C96D5EFEB4BF4
Properties.filedate=1291926970
Properties.filedatetext=2010-12-09 15:36:10

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\is1.j.tv2n.net\dbg.sol
Properties.size=53
Properties.md5=BAF0F1466761ED66FFD9A1BE27905163
Properties.filedate=1291926928
Properties.filedatetext=2010-12-09 15:35:28

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\is1.j.tv2n.net\mb.sol
Properties.size=159
Properties.md5=5CC30DAE746E1A3BB99812404B039BD0
Properties.filedate=1291928137
Properties.filedatetext=2010-12-09 15:55:36

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\mail.google.com\wakeup.sol
Properties.size=37
Properties.md5=FAEBF828D6C5D158230E0778B228B291
Properties.filedate=1291935473
Properties.filedatetext=2010-12-09 17:57:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\p.ooyala.com\auth.sol
Properties.size=70
Properties.md5=6F21288EF5BE70B9F13D3E6EA122ED52
Properties.filedate=1291753177
Properties.filedatetext=2010-12-07 15:19:36

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\p.ooyala.com\auth2.sol
Properties.size=618
Properties.md5=90CC1A48A96613A7CB39191B2DE90866
Properties.filedate=1291753233
Properties.filedatetext=2010-12-07 15:20:32

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\p.ooyala.com\perf.sol
Properties.size=125
Properties.md5=09FB0DF47678BFD128DD15931D6BB171
Properties.filedate=1291753215
Properties.filedatetext=2010-12-07 15:20:15

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\www.youtube.com\videostats.sol
Properties.size=199
Properties.md5=3348ECDD23D00F4BF460426AC4BC967A
Properties.filedate=1291928143
Properties.filedatetext=2010-12-09 15:55:42

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#ve\admanager.sol
Properties.size=93
Properties.md5=FDE1A5D55C50CD0D3BB683441C417062
Properties.filedate=1291927657
Properties.filedatetext=2010-12-09 15:47:37

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#ve\admanager.sol
Properties.size=93
Properties.md5=5545DA9F5E3EA537F639D735761F3957
Properties.filedate=1291748848
Properties.filedatetext=2010-12-07 14:07:27

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\p1.soundcloud.com\player.swf\SCPlayer.sol
Properties.size=47
Properties.md5=C3A26E7EDDA47B3BFD6E56CC20F9BF19
Properties.filedate=1291732297
Properties.filedatetext=2010-12-07 09:31:37

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\R M\Application Data\Macromedia\Flash Player\#SharedObjects\9U2PKD8S\skype.com\#ui\preferences.sol
Properties.size=233
Properties.md5=0B353533B381E9CCCC98AE037F74EEB7
Properties.filedate=1291746023
Properties.filedatetext=2010-12-07 13:20:22

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#com\videoegg\Demo.sol
Properties.size=444
Properties.md5=9423921BB5E25B267995F19C060255A0
Properties.filedate=1291927691
Properties.filedatetext=2010-12-09 15:48:10

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#com\videoegg\OptOut.sol
Properties.size=61
Properties.md5=4B9235D76178FC0975BF619587492AE6
Properties.filedate=1291927657
Properties.filedatetext=2010-12-09 15:47:37

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#com\videoegg\Retargeting.sol
Properties.size=66
Properties.md5=6805506CD57383C465E8AC4E2D6A26FC
Properties.filedate=1291927691
Properties.filedatetext=2010-12-09 15:48:10

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#com\videoegg\Tearsheet.sol
Properties.size=84
Properties.md5=3CE4616AF4714562018C03F6D012982D
Properties.filedate=1291927657
Properties.filedatetext=2010-12-09 15:47:37

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\N3MUMZ54\core.videoegg.com\#com\videoegg\Twig.sol
Properties.size=79
Properties.md5=A39247C967521F7E097CE5CC55190F24
Properties.filedate=1291927658
Properties.filedatetext=2010-12-09 15:47:37

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\Demo.sol
Properties.size=469
Properties.md5=42157AFAE0176C4A89DC74B001581E41
Properties.filedate=1291873723
Properties.filedatetext=2010-12-09 00:48:42

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\doc.sol
Properties.size=83
Properties.md5=FD0DE6901B3A4B6C309D0A2D36B3AA26
Properties.filedate=1291906895
Properties.filedatetext=2010-12-09 10:01:35

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\OptOut.sol
Properties.size=61
Properties.md5=7F3024FD6334175048C8CEE6BFDCDB1C
Properties.filedate=1291748848
Properties.filedatetext=2010-12-07 14:07:27

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\Retargeting.sol
Properties.size=124
Properties.md5=F9463DA2C73B30D064803FB656E9AE07
Properties.filedate=1291906909
Properties.filedatetext=2010-12-09 10:01:49

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\Tearsheet.sol
Properties.size=84
Properties.md5=D6A54A30B5750A8F99063F477AF1480F
Properties.filedate=1291873684
Properties.filedatetext=2010-12-09 00:48:03

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\core.videoegg.com\#com\videoegg\Twig.sol
Properties.size=79
Properties.md5=4541BBCA67FBEAE9EC88C7841825F351
Properties.filedate=1291873685
Properties.filedatetext=2010-12-09 00:48:04

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\games-fe20.gamesville.com\flash\QuickDrawPoker-v1012011612.swf\toolbar.sol
Properties.size=60
Properties.md5=F092275DB8593BBFE2D8F1C35DDB09B3
Properties.filedate=1291620905
Properties.filedatetext=2010-12-06 02:35:05

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\games-fe20.gamesville.com\flash\QuickDrawPoker-v1012071259.swf\toolbar.sol
Properties.size=60
Properties.md5=F092275DB8593BBFE2D8F1C35DDB09B3
Properties.filedate=1291920221
Properties.filedatetext=2010-12-09 13:43:41

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\gui\ffGUILogging.sol
Properties.size=52
Properties.md5=92ABF1051C6BC12E0631B0456FD4DC84
Properties.filedate=1291921784
Properties.filedatetext=2010-12-09 14:09:43

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\gui\fps.sol
Properties.size=34
Properties.md5=1F62FD0F589C1C796860C861283B93C3
Properties.filedate=1291921784
Properties.filedatetext=2010-12-09 14:09:43

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\loader\loaderLogging.sol
Properties.size=54
Properties.md5=B2389C69BFDFE9B91C3F86FF2EA9B2F3
Properties.filedate=1291921785
Properties.filedatetext=2010-12-09 14:09:44

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\release\MetadataHistory.sol
Properties.size=1984
Properties.md5=DCB5D31F1CC4CA79393193BDBCFF939B
Properties.filedate=1291921785
Properties.filedatetext=2010-12-09 14:09:44

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\release\playerCounter.sol
Properties.size=230
Properties.md5=0105CF74F73BADD19D195CB121BD1963
Properties.filedate=1291921743
Properties.filedatetext=2010-12-09 14:09:03

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\release\qcDemoVal.sol
Properties.size=52
Properties.md5=D556998B8953BBA3CD1D776E3849B8FD
Properties.filedate=1291921785
Properties.filedatetext=2010-12-09 14:09:44

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\media.mtvnservices.com\player\release\userPrefs4.sol
Properties.size=329
Properties.md5=990C93DEEC7D00E6A67B341D332D54D7
Properties.filedate=1291921785
Properties.filedatetext=2010-12-09 14:09:44

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.babelgum.com\player\babelgumplayer.swf\BBGUM_SessionManager_LINEAR.sol
Properties.size=114
Properties.md5=A1B5411C1B9A1FA26447613A0CC3C071
Properties.filedate=1291916855
Properties.filedatetext=2010-12-09 12:47:34

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.babelgum.com\player\babelgumplayer.swf\bbg_data.sol
Properties.size=454
Properties.md5=247410C4226F206D4DC1E2E790C45AD0
Properties.filedate=1291916803
Properties.filedatetext=2010-12-09 12:46:43

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\SKEGEL9H\www.blinkx.com\f2\player.swf\blinkxPlayerSkin1.sol
Properties.size=201
Properties.md5=5237A72C9DD8ED1FCA380F542575DA3E
Properties.filedate=1291904493
Properties.filedatetext=2010-12-09 09:21:33

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1009\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 10.0: [SBI $65F660A1] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\10.0\Common\Internet\UseRWHlinkNavigation

MS Office 10.0: [SBI $A0473B14] Access recent file (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0: [SBI $A0473B14] Access recent file (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0: [SBI $A0473B14] Access recent file (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0: [SBI $40D97094] Recently used symbol list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\10.0\Common\General\SymbolMRU

MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Office 10.0 (Excel): [SBI $16D8675C] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\10.0\Excel\Recent Files

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0: [SBI $D8926923] Last typed search text (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Common\Search\Last Query\LastSearchText

MS Office 11.0 (Cliparts): [SBI $D2A56AFD] Last search made (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query

MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\MSPaper 11.0\Persist File Name

MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\MSPaper 11.0\Recent File List

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Outlook): [SBI $51367364] Typed search term history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Outlook\Office Finder

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (Publisher): [SBI $52D0C0B4] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Publisher\Recent File List

MS Office 11.0 (Script Editor): [SBI $6D84673C] Last loaded project (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\MSE\LastLoadedSolution

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Paint: [SBI $07867C39] Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Picture It! 9.0 (MSN Photo module): [SBI $AF55B285] Last opened folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\MSNPubSend\LastFolderForOpen

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (54 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinZip: [SBI $4912A1BE] Recent extracted file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\extract

WinZip: [SBI $669C1037] Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\DefDir

WinZip: [SBI $1FCFAF16] Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\zDefDir

WinZip: [SBI $E95B93ED] Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\AddDir

WinZip: [SBI $FF613757] Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\ExtractTo

WinZip: [SBI $9EC1EAC6] Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\gzAddDir

WinZip: [SBI $214A5C12] Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3301780148-2802472426-3453984298-1006\Software\Nico Mak Computing\WinZip\directories\gzExtractTo

Cookie: [SBI $49804B54] Cookie (34) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (93) (Cache, nothing done)


History: [SBI $49804B54] History (19) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (631) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-11 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-11-30 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2010-11-30 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-11-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-12-07 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-11-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-11-30 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-11-02 Includes\Trojans.sbi (*)
2010-11-30 Includes\TrojansC-02.sbi (*)
2010-11-30 Includes\TrojansC-03.sbi (*)
2010-11-30 Includes\TrojansC-04.sbi (*)
2010-12-07 Includes\TrojansC-05.sbi (*)
2010-11-30 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Blade81
2010-12-10, 15:11
Hi,

You seem to have both AVG and Avast installed. It's recommended to have one antivirus installed in one system only.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
LoginFailed
2010-12-11, 18:25
The log file from ComboFix is attached.
Blade81
2010-12-12, 13:03
Please post fresh dds.txt log too.
LoginFailed
2010-12-12, 19:27
Attached is the DDS log
Blade81
2010-12-13, 18:04
Hi again,

Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.


Post back its report & fresh dds logs. How's the system running?
tashi
2010-12-20, 05:54
LoginFailed this thread has been archived due to inactivity.

As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.