WiredWX Christian Hobby Weather Tools

Featherman (Checkup.TXT Log) Log #4

Results of screen317's Security Check version 0.99.18
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Java(TM) 6 Update 26
Java(TM) 6 Update 2
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Re: Featherman (Checkup.TXT Log) Log #4

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
You should not create a new thread for each post. Stay in one thread to reply with the logs.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [RegWork] File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
********************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Question

I have downloaded the latest JAVA program.

Copied and pasted the new info into the OTL and clicked run Fix and I do not get any sort of report? I have done this 3 times with the same results. I have rebooted my computer each time. Any suggestions?

Re: Featherman (Checkup.TXT Log) Log #4

Featherman wrote:
I have downloaded the latest JAVA program.

Copied and pasted the new info into the OTL and clicked run Fix and I do not get any sort of report? I have done this 3 times with the same results. I have rebooted my computer each time. Any suggestions?

Please skip that part for now and run the other scans.

Featherman Latest info requested

All processes killed
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 350829052 bytes
->Temporary Internet Files folder emptied: 53596066 bytes
->Java cache emptied: 2788844 bytes
->FireFox cache emptied: 64320630 bytes
->Google Chrome cache emptied: 137893402 bytes
->Apple Safari cache emptied: 49152 bytes
->Flash cache emptied: 1961893 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4643 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2177536 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26979092 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66340 bytes
RecycleBin emptied: 162230 bytes

Total Files Cleaned = 611.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08302011_225658

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\Jim\AppData\Local\Temp\etilqs_brssq2xbdFbcwq1 not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\etilqs_LsMIqIPXk5URJpr not found!
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\SysNative\SET3BFD.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2011 at 11:52 PM

Application Version : 5.0.1118

Core Rules Database Version : 7624
Trace Rules Database Version: 5436

Scan type : Quick Scan
Total Scan Time : 00:14:33

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned : 510
Memory threats detected : 0
Registry items scanned : 59892
Registry threats detected : 1
File items scanned : 10282
File threats detected : 369

PUP.StartNow Toolbar
(x86) HKU\S-1-5-21-3964666065-47467455-100723561-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Adware.Tracking Cookie
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.visualrevenue.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rotator.adjuggler.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
jmp.clickbooth.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.foxinteractivemedia.122.2o7.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pmamedia.sitescout.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
affiliate.hbytracker.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
inet2.hwbuilder.track.clicksure.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksure.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
banners.andomedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.ie9enhanced.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.microsoftwlsearchcrm.112.2o7.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.ie9enhanced.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.ie9enhanced.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HW2I3IO.DEFAULT\COOKIES.SQLITE ]

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7616

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/31/2011 5:03:44 AM
mbam-log-2011-08-31 (05-03-44).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 651475
Time elapsed: 4 hour(s), 49 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Jim at 15:28:10 on 2011-08-31
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Users\Jim\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Users\Jim\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackup.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80116&lng=en
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
uRun: [cdloader] "C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
uRun: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SmileboxTray] "C:\Users\Jim\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Memeo Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D622F21E-19C9-4E92-9D86-5A3BEEC0481A} : DhcpNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Memeo Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530712&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z102&partner_id=691&product_id=655&affiliate_id=&channel=VLC_MISBL_YFALL&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=634DCF3B68654EC5B192C2B9955E063D&machine_id=fe520121bffe22d994f35c452ab1f91f&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80116&language=en&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\FFExternalAlert.dll
FF - component: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cpuz132;cpuz132
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? PerfHost;Performance Counter DLL Host
R? Toolbar Updater Service;Toolbar Updater Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AdobeARMservice;Adobe Acrobat Update Service
S? CAXHWAZL;CAXHWAZL
S? FontCache;Windows Font Cache Service
S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
S? MemeoBackgroundService;MemeoBackgroundService
S? MpFilter;Microsoft Malware Protection Driver
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-31 17:25:08 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09F33CF9-0A59-4DCC-B5B0-92359EA73EF0}\mpengine.dll
2011-08-31 03:36:06 -------- d-----w- C:\Users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2011-08-31 03:35:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-31 03:35:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-31 02:39:42 -------- d-----w- C:\_OTL
2011-08-26 23:58:29 -------- d-----w- C:\Temp
2011-08-23 22:05:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 22:05:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-22 00:21:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-21 23:08:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-21 23:08:35 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-08-21 23:08:10 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-08-21 23:08:10 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-08-21 23:08:09 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-08-21 23:08:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-08-21 23:08:02 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-08-21 23:08:02 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-08-21 21:35:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-21 21:34:52 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-21 21:15:00 -------- d-----w- C:\ProgramData\RegWork
2011-08-21 20:23:28 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-21 00:20:40 -------- d-----w- C:\Windows\SysWow64\kodak
2011-08-21 00:05:55 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-08-20 22:26:25 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17D4723-4FC7-4C2B-88F4-AB618C24E12D}\mpengine.dll
2011-08-12 21:10:48 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDAA9F32-DF7B-4A44-BDA7-C1D766F8B441}\gapaengine.dll
2011-08-11 03:39:07 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-08-11 03:39:06 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-11 03:39:03 141104 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-08-11 03:39:02 174384 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2011-08-11 03:39:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2011-08-11 03:39:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2011-08-11 01:00:21 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-08-11 01:00:14 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-11 01:00:10 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-08-11 01:00:10 1424272 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-11 00:59:28 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-08 15:50:20 -------- d-----w- C:\Users\Jim\AppData\Roaming\Sammsoft
2011-08-05 15:32:01 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-05 15:32:00 713016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-08-05 15:32:00 265176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2011-08-05 15:32:00 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2011-08-05 15:32:00 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2011-08-05 15:32:00 14232536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2011-08-05 15:32:00 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2011-08-05 15:32:00 105432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2011-08-05 14:54:41 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-08 11:55:36 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 11:55:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:29:43.24 ===============






Windows updates I am unable to install

These are two updates which I am unable to install. I have tried on several occasions with no success. I have followed the suggested fixes to no avail. I still receive "Code:643". Thought this might be helpful?

Also when I open "Task Manager" the list of what is open is constantly moving up and down like a moving target.

Update #1
Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871)

Download size: 27.7 MB

You may need to restart your computer for this update to take effect.

Update type: Recommended

Install this update to resolve issues in Microsoft .NET Framework 4. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkID=210664

Help and Support:
http://support.microsoft.com

Update #2

Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)

Download size: 37.7 MB

You may need to restart your computer for this update to take effect.

Update type: Recommended

This update addresses stability, reliability, and performance issues in Microsoft .NET Framework 4. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkId=219466

Help and Support:
http://support.microsoft.com

Re: Featherman (Checkup.TXT Log) Log #4

One of the DDS logs is missing. I need to see it before moving forward.

Re: Featherman (Checkup.TXT Log) Log #4

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Jim at 15:28:10 on 2011-08-31
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Users\Jim\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Users\Jim\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackup.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80116&lng=en
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
uRun: [cdloader] "C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
uRun: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SmileboxTray] "C:\Users\Jim\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Memeo Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D622F21E-19C9-4E92-9D86-5A3BEEC0481A} : DhcpNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Broderbund Toolbar: {81e93b9c-1052-4697-aafe-b40cd69c1d22} - C:\Program Files (x86)\Broderbund\tbBrod.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Memeo Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530712&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z102&partner_id=691&product_id=655&affiliate_id=&channel=VLC_MISBL_YFALL&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=634DCF3B68654EC5B192C2B9955E063D&machine_id=fe520121bffe22d994f35c452ab1f91f&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80116&language=en&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\FFExternalAlert.dll
FF - component: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cpuz132;cpuz132
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? PerfHost;Performance Counter DLL Host
R? Toolbar Updater Service;Toolbar Updater Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AdobeARMservice;Adobe Acrobat Update Service
S? CAXHWAZL;CAXHWAZL
S? FontCache;Windows Font Cache Service
S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
S? MemeoBackgroundService;MemeoBackgroundService
S? MpFilter;Microsoft Malware Protection Driver
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-31 17:25:08 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09F33CF9-0A59-4DCC-B5B0-92359EA73EF0}\mpengine.dll
2011-08-31 03:36:06 -------- d-----w- C:\Users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2011-08-31 03:35:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-31 03:35:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-31 02:39:42 -------- d-----w- C:\_OTL
2011-08-26 23:58:29 -------- d-----w- C:\Temp
2011-08-23 22:05:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 22:05:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-22 00:21:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-21 23:08:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-21 23:08:35 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-08-21 23:08:10 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-08-21 23:08:10 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-08-21 23:08:09 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-08-21 23:08:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-08-21 23:08:02 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-08-21 23:08:02 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-08-21 21:35:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-21 21:34:52 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-21 21:15:00 -------- d-----w- C:\ProgramData\RegWork
2011-08-21 20:23:28 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-21 00:20:40 -------- d-----w- C:\Windows\SysWow64\kodak
2011-08-21 00:05:55 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-08-20 22:26:25 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17D4723-4FC7-4C2B-88F4-AB618C24E12D}\mpengine.dll
2011-08-12 21:10:48 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDAA9F32-DF7B-4A44-BDA7-C1D766F8B441}\gapaengine.dll
2011-08-11 03:39:07 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-08-11 03:39:06 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-11 03:39:03 141104 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-08-11 03:39:02 174384 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2011-08-11 03:39:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2011-08-11 03:39:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2011-08-11 01:00:21 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-08-11 01:00:14 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-11 01:00:10 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-08-11 01:00:10 1424272 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-11 00:59:28 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-08 15:50:20 -------- d-----w- C:\Users\Jim\AppData\Roaming\Sammsoft
2011-08-05 15:32:01 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-05 15:32:00 713016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-08-05 15:32:00 265176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2011-08-05 15:32:00 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2011-08-05 15:32:00 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2011-08-05 15:32:00 14232536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2011-08-05 15:32:00 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2011-08-05 15:32:00 105432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2011-08-05 14:54:41 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-08 11:55:36 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 11:55:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:29:43.24 ===============

Re: Featherman (Checkup.TXT Log) Log #4

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Combofix log

Featherman

ComboFix 11-09-04.03 - Jim 09/04/2011 20:53:30.1.2 - x64
Running from: c:\users\Jim\Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\KBL.LOG
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-08-31 03:36 . 2011-08-31 03:36 -------- d-----w- c:\users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2011-08-31 03:35 . 2011-08-31 03:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-31 03:35 . 2011-08-31 03:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-31 02:39 . 2011-08-31 02:39 -------- d-----w- C:\_OTL
2011-08-26 23:58 . 2011-08-26 23:58 -------- d-----w- C:\Temp
2011-08-23 22:05 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 22:05 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-22 00:21 . 2011-08-22 00:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-21 23:08 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-21 23:08 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-21 23:08 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-21 23:08 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-08-21 23:08 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-08-21 23:08 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-21 23:08 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-21 23:08 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-08-21 21:35 . 2011-08-21 21:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-21 21:34 . 2011-08-12 01:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-21 21:15 . 2011-08-21 22:35 -------- d-----w- c:\programdata\RegWork
2011-08-21 20:23 . 2011-08-21 20:23 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-21 00:20 . 2011-08-21 00:21 -------- d-----w- c:\windows\SysWow64\kodak
2011-08-21 00:05 . 2010-09-02 19:31 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-08-20 22:56 . 2011-08-20 22:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-08-12 21:10 . 2011-01-27 16:04 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDAA9F32-DF7B-4A44-BDA7-C1D766F8B441}\gapaengine.dll
2011-08-11 03:39 . 2011-07-22 05:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 03:39 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-11 03:39 . 2011-07-22 03:00 141104 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2011-08-11 03:39 . 2011-07-22 05:55 174384 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-08-11 03:39 . 2011-07-22 05:34 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-08-11 03:39 . 2011-07-22 02:46 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2011-08-11 01:00 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 01:00 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 01:00 . 2011-06-17 20:14 1424272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 01:00 . 2011-06-17 13:56 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-11 00:59 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-08 15:50 . 2011-08-09 17:34 -------- d-----w- c:\users\Jim\AppData\Roaming\Sammsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 12:48 . 2011-08-20 22:26 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F17D4723-4FC7-4C2B-88F4-AB618C24E12D}\mpengine.dll
2011-08-12 01:10 . 2010-11-15 15:44 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-19 09:05 . 2010-06-09 15:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-08 11:55 . 2010-03-08 17:17 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 11:55 . 2010-03-08 17:17 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 16:35 . 2010-12-24 21:40 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-24 01:55 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
2010-11-24 01:55 3908192 ----a-w- c:\program files (x86)\Broderbund\tbBrod.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\tbBrod.dll" [2010-11-24 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-24 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Pareto_Update"="c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
"SmileboxTray"="c:\users\Jim\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-03-09 312640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Memeo Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-07-21 136416]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AccuWeather.lnk - c:\program files (x86)\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-07-21 25824]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 12:16]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 12:16]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964666065-47467455-100723561-1000Core.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 21:16]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964666065-47467455-100723561-1000UA.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 21:16]
.
2011-08-21 c:\windows\Tasks\HPCeeScheduleForJim.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-25 18:58]
.
2011-08-31 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2011-08-31 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 380448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 15952416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 82464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"combofix"="c:\combofix\CF178.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80116&lng=en
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4hw2i3io.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530712&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z102&partner_id=691&product_id=655&affiliate_id=&channel=VLC_MISBL_YFALL&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=634DCF3B68654EC5B192C2B9955E063D&machine_id=fe520121bffe22d994f35c452ab1f91f&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80116&language=en&qkw=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{A1062847-0846-427A-92A1-BB8251A91E91} - c:\program files (x86)\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Memeo\AutoBackup\MemeoBackup.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
c:\users\Jim\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2011-09-04 22:30:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 02:30
.
Pre-Run: 144,061,919,232 bytes free
Post-Run: 142,409,666,560 bytes free
.
- - End Of File - - C645A6F422555CE2E17154B916EE008A

Re: Featherman (Checkup.TXT Log) Log #4

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Running Rooter.exe

I have tried to run "rooter" several times and I immediately receive the Problem message that is shown below and then the program closes? Any suggestions?
Featherman

Problem signature:
Problem Event Name: APPCRASH
Application Name: Rooter (2).exe
Application Version: 0.1.1.1
Application Timestamp: 4a429fb9
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6002.18327
Fault Module Timestamp: 4cb7341c
Exception Code: c0000005
Exception Offset: 00060524
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

Re: Featherman (Checkup.TXT Log) Log #4

Ok. Please try this one.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

Results of Sophos Anti-Rootkit scan

The results of the scan did not show anything that was a problem. My computer seems to have been restored to performance similar to when I purchased it 3 years ago. I appreciate your hard work!!!!
Thank You for all your help. As I need my computer for the new job I just got. (after 3 years without one)
Featherman!!!!

Re: Featherman (Checkup.TXT Log) Log #4

Thank You for all your help. As I need my computer for the new job I just got. (after 3 years without one)
Featherman!!!!.

I'm glad for all your good news. I would like to run one more scan and then we should do some cleanup.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image: EsetOnline] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

  • Check [image: EsetAcceptTerms]
  • Click the [image: EsetStart] button.
  • Accept any security warnings from your browser.
  • Check [image: EsetScanArchives]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image: EsetListThreats]
  • Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image: EsetBack] button.
  • Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Results of ESET scan

This is the result of the latest scan. Would you like me to do anything else?
Are these programs you have had me use to repair my PROBLEM what I should purchase to keep my computer safe or is it such a fluid situation that is better not to rely on any group of programs?
Thanks again for all your help.
Sincerely,
Featherman

C:\Users\Jim\Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined

Re: Featherman (Checkup.TXT Log) Log #4

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************
Are these programs you have had me use to repair my PROBLEM what I should purchase to keep my computer safe or is it such a fluid situation that is better not to rely on any group of programs?

No. Most of these programs that I use are not for sale. If there are no other issues we can do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Use the Secunia Software Inspector to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
