Computer Hope
Software => Computer viruses and spyware => Topic started by: smootr9 on September 13, 2010, 10:17:53 PM
-
I have a virus or nasty spyware that I can't remove do to the fact that I can't install anything. It also won't let me run my antivirus or spyware programs. Please help. I am totally frustrated at this point.
Windows xp pro. sp2
norton antivirus.
spybot and ad aware
-
go here and TRY and download hjt and re-name to snipper.exe , run and post the log
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
here is the log file from hjt.
The software posted that it could not write host file. That is the only message that I got.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:33 AM, on 9/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://housecall.trendmicro.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 216.45.48.244 www.google.com
O1 - Hosts: 216.45.48.244 google.com
O1 - Hosts: 216.45.48.244 google.com.au
O1 - Hosts: 216.45.48.244 www.google.com.au
O1 - Hosts: 216.45.48.244 google.be
O1 - Hosts: 216.45.48.244 www.google.be
O1 - Hosts: 216.45.48.244 google.com.br
O1 - Hosts: 216.45.48.244 www.google.com.br
O1 - Hosts: 216.45.48.244 google.ca
O1 - Hosts: 216.45.48.244 www.google.ca
O1 - Hosts: 216.45.48.244 google.ch
O1 - Hosts: 216.45.48.244 www.google.ch
O1 - Hosts: 216.45.48.244 google.de
O1 - Hosts: 216.45.48.244 www.google.de
O1 - Hosts: 216.45.48.244 www.google.dk
O1 - Hosts: 216.45.48.244 google.fr
O1 - Hosts: 216.45.48.244 www.google.fr
O1 - Hosts: 216.45.48.244 google.ie
O1 - Hosts: 216.45.48.244 www.google.ie
O1 - Hosts: 216.45.48.244 google.it
O1 - Hosts: 216.45.48.244 www.google.it
O1 - Hosts: 216.45.48.244 google.co.jp
O1 - Hosts: 216.45.48.244 www.google.co.jp
O1 - Hosts: 216.45.48.244 google.nl
O1 - Hosts: 216.45.48.244 www.google.nl
O1 - Hosts: 216.45.48.244 google.no
O1 - Hosts: 216.45.48.244 www.google.no
O1 - Hosts: 216.45.48.244 google.co.nz
O1 - Hosts: 216.45.48.244 www.google.co.nz
O1 - Hosts: 216.45.48.244 google.pl
O1 - Hosts: 216.45.48.244 www.google.pl
O1 - Hosts: 216.45.48.244 google.se
O1 - Hosts: 216.45.48.244 www.google.se
O1 - Hosts: 216.45.48.244 google.co.uk
O1 - Hosts: 216.45.48.244 www.google.co.uk
O1 - Hosts: 216.45.48.244 google.co.za
O1 - Hosts: 216.45.48.244 www.google.co.za
O1 - Hosts: 216.45.48.244 www.bing.com
O1 - Hosts: 216.45.48.244 search.yahoo.com
O1 - Hosts: 216.45.48.244 www.search.yahoo.com
O1 - Hosts: 216.45.48.244 uk.search.yahoo.com
O1 - Hosts: 216.45.48.244 ca.search.yahoo.com
O1 - Hosts: 216.45.48.244 de.search.yahoo.com
O1 - Hosts: 216.45.48.244 fr.search.yahoo.com
O1 - Hosts: 216.45.48.244 au.search.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\Max Spyware Detector\MaxSDTray.exe "-AUTO"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [system tool] C:\Program Files\pitwmv\vbnksysguard.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [system tool] C:\Program Files\pitwmv\vbnksysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://connect.bedbath.com/iNotes6W.cab,DanaInfo=.asuquirgptIlppoo8xQu76,CT=java+
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://connect.bedbath.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
--
End of file - 10130 bytes
-
that worked , now you will have to wait for an expert to help you with the log
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
********************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 216.45.48.244 www.google.com
O1 - Hosts: 216.45.48.244 google.com
O1 - Hosts: 216.45.48.244 google.com.au
O1 - Hosts: 216.45.48.244 www.google.com.au
O1 - Hosts: 216.45.48.244 google.be
O1 - Hosts: 216.45.48.244 www.google.be
O1 - Hosts: 216.45.48.244 google.com.br
O1 - Hosts: 216.45.48.244 www.google.com.br
O1 - Hosts: 216.45.48.244 google.ca
O1 - Hosts: 216.45.48.244 www.google.ca
O1 - Hosts: 216.45.48.244 google.ch
O1 - Hosts: 216.45.48.244 www.google.ch
O1 - Hosts: 216.45.48.244 google.de
O1 - Hosts: 216.45.48.244 www.google.de
O1 - Hosts: 216.45.48.244 www.google.dk
O1 - Hosts: 216.45.48.244 google.fr
O1 - Hosts: 216.45.48.244 www.google.fr
O1 - Hosts: 216.45.48.244 google.ie
O1 - Hosts: 216.45.48.244 www.google.ie
O1 - Hosts: 216.45.48.244 google.it
O1 - Hosts: 216.45.48.244 www.google.it
O1 - Hosts: 216.45.48.244 google.co.jp
O1 - Hosts: 216.45.48.244 www.google.co.jp
O1 - Hosts: 216.45.48.244 google.nl
O1 - Hosts: 216.45.48.244 www.google.nl
O1 - Hosts: 216.45.48.244 google.no
O1 - Hosts: 216.45.48.244 www.google.no
O1 - Hosts: 216.45.48.244 google.co.nz
O1 - Hosts: 216.45.48.244 www.google.co.nz
O1 - Hosts: 216.45.48.244 google.pl
O1 - Hosts: 216.45.48.244 www.google.pl
O1 - Hosts: 216.45.48.244 google.se
O1 - Hosts: 216.45.48.244 www.google.se
O1 - Hosts: 216.45.48.244 google.co.uk
O1 - Hosts: 216.45.48.244 www.google.co.uk
O1 - Hosts: 216.45.48.244 google.co.za
O1 - Hosts: 216.45.48.244 www.google.co.za
O1 - Hosts: 216.45.48.244 www.bing.com
O1 - Hosts: 216.45.48.244 search.yahoo.com
O1 - Hosts: 216.45.48.244 www.search.yahoo.com
O1 - Hosts: 216.45.48.244 uk.search.yahoo.com
O1 - Hosts: 216.45.48.244 ca.search.yahoo.com
O1 - Hosts: 216.45.48.244 de.search.yahoo.com
O1 - Hosts: 216.45.48.244 fr.search.yahoo.com
O1 - Hosts: 216.45.48.244 au.search.yahoo.com
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
*************************************SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
here is the sas scan log. Thanks for your help so far. I will continue with the next steps.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/15/2010 at 00:35 AM
Application Version : 4.43.1000
Core Rules Database Version : 5508
Trace Rules Database Version: 3320
Scan type : Complete Scan
Total Scan Time : 01:30:29
Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 6976
Registry threats detected : 1554
File items scanned : 95631
File threats detected : 682
Adware.Tracking Cookie
C:\Documents and Settings\Rathe\Cookies\rathe@myroitracking[2].txt
C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@19452074[2].txt
C:\Documents and Settings\Rathe\Cookies\rathe@mediaplex[1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@atdmt[1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@liveperson[1].txt
C:\Documents and Settings\Rathe\Cookies\[email protected][2].txt
C:\Documents and Settings\Rathe\Cookies\rathe@adbrite[2].txt
C:\Documents and Settings\Rathe\Cookies\rathe@clicksor[1].txt
C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@doubleclick[1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@invitemedia[1].txt
C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
C:\Documents and Settings\Rathe\Cookies\rathe@apmebf[1].txt
C:\Documents and Settings\Rathe\Cookies\[email protected][2].txt
.bestsearchfind.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
clicks.bestsearchfind.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
wsclick.infospace.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
.feed.validclick.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
acvs.mediaonenetwork.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
adsatt.espn.go.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
cdn1.eyewonder.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
future.cerosmedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
interclick.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
macromedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
media.resulthost.org [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
media.tattomedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
media1.break.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
objects.tremormedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
oddcast.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
s0.2mdn.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
speed.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
static.2mdn.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
static.plymedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
static.sexsearch.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
uclick.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
udn.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
.atdmt.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adserver.adtechus.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ads-dev.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.eyewonder.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.c7.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.deadnetstore.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.deadnetstore.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
www.zenbumedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
stats.gamestop.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
advertiseva.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
glide.advertserve.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.chitika.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.at.atwola.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.indexstats.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ticketsnow.ticketmaster.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
ticketsnow.ticketmaster.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.mediaonenetwork.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.centralmediaserver.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.track.cbs.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.dealtime.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
stat.dealtime.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.clickbooth.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
friendlytrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
friendlytrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
media.mtvnservices.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
C:\Documents and Settings\Junior\Cookies\junior@247realmedia[1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\junior@adrevolver[1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\junior@advertising[2].txt
C:\Documents and Settings\Junior\Cookies\junior@advertising[3].txt
C:\Documents and Settings\Junior\Cookies\junior@apmebf[1].txt
C:\Documents and Settings\Junior\Cookies\junior@atdmt[1].txt
C:\Documents and Settings\Junior\Cookies\junior@burstnet[1].txt
C:\Documents and Settings\Junior\Cookies\junior@casalemedia[1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\junior@collective-media[1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\junior@doubleclick[1].txt
C:\Documents and Settings\Junior\Cookies\junior@doubleclick[3].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\junior@fastclick[1].txt
C:\Documents and Settings\Junior\Cookies\junior@insightexpressai[1].txt
C:\Documents and Settings\Junior\Cookies\junior@mediaplex[2].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\junior@onetruemedia[1].txt
C:\Documents and Settings\Junior\Cookies\junior@pointroll[2].txt
C:\Documents and Settings\Junior\Cookies\junior@questionmarket[2].txt
C:\Documents and Settings\Junior\Cookies\junior@realmedia[2].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\junior@specificclick[2].txt
C:\Documents and Settings\Junior\Cookies\junior@trafficmp[1].txt
C:\Documents and Settings\Junior\Cookies\junior@tribalfusion[1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
C:\Documents and Settings\Junior\Cookies\junior@zedo[2].txt
adknowledge.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
adsatt.espn.go.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
bc.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
cdn-www.pornhub.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
cdn4.specificclick.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
core.insightexpressai.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
files.adbrite.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
files.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
flv.teenpinkvideos.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
flvplayer2.hardsextube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
fuckedhard18.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
fuckedhard18.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
interclick.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
jacksporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
m1.2mdn.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
macromedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
maxporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
media.resulthost.org [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
media.tattomedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
media1.break.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
mediastore.verizonwireless.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
naiadsystems.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
oddcast.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
pornotube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
static.sexsearch.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
static.sexsearchcom.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
static.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
tc-cdn-1.porned.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
teenbff.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
udn.specificclick.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
video.pornorama.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
videos.allelitepass.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
vidii.hardsextube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
wdw1.wdpromedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
web.adknowledge.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.annysxxx.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.bdsmplaypen.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.bisexualplayground.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.collegefuckfest.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.freshteen.biz [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.maxporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.mofosex.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.naiadsystems.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.oneclicktube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.porn8.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.pornhub.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.porntown.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.porntubx.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.pornyo.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
www.ziporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
wwwstatic.megaporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
youporn.videobox.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
adknowledge.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
media.scanscout.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
www.pornhub.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
.doubleclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.adopt.euroclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.edge.ru4.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
media.adrevolver.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
media.adrevolver.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
data.coremetrics.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.adopt.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
tracking.foundry42.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
www.accountonline.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
myaccount.verizonwireless.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.bluestreak.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revenue.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.deltaairlines.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
test.coremetrics.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.microsoftwlsearchcrm.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.palmone.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.keywordmax.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.perf.overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
www4.addfreestats.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.bfast.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.*adult URL* [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.accountonline.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.webpower.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.stampscom.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.usairways.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.sojern.122.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.edmc.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\Stephani
-
here is the mbam scan log. I will have the rest done soon.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4618
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
9/15/2010 5:44:40 PM
mbam-log-2010-09-15 (17-44-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 280731
Time elapsed: 1 hour(s), 39 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Rathe\Application Data\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\6065b69\MS6065_302.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.qqv\Cache\AC7F958Ad01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\packupdate107_302[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4PK5UZCH\4ed47[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\8DU7GLUB\476c4[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005230.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\temp\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\temp\movie.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
-
here is the last log file that you requested. Hopefully we are well on our way to recovery. Thank you for what you have done thus far.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4618
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
9/15/2010 5:44:40 PM
mbam-log-2010-09-15 (17-44-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 280731
Time elapsed: 1 hour(s), 39 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Rathe\Application Data\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\6065b69\MS6065_302.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.qqv\Cache\AC7F958Ad01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\packupdate107_302[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4PK5UZCH\4ed47[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\8DU7GLUB\476c4[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005230.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\temp\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\temp\movie.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rathe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
-
sorry for the last I copied the wrong file.
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Symantec AntiVirus Client
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Max Registry Cleaner
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_07
Out of date Java installed!
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Symantec_Client_Security Symantec AntiVirus DefWatch.exe
````````````````````````````````
DNS Vulnerability Check:
nslookup.exe missing!
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Please download the newest version of
Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
******************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
I cannot install adobe reader because I get an error message.
Error 1402 could not open key.
hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
verify that you have sufficient access to that key.
I am running as an admin so I don't know how to circumvent this issue.
Thanks
-
here is the combo fix log. I was able to update java and run combo fix but still can't install reader. Where do I go from here? Thanks again.
ComboFix 10-09-15.01 - Rathe 09/16/2010 6:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.96 [GMT -4:00]
Running from: c:\documents and settings\Rathe\Desktop\commy.exe.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rathe\Recent\cb.exe
c:\documents and settings\Rathe\Recent\DBOLE.drv
c:\documents and settings\Rathe\Recent\eb.sys
c:\documents and settings\Rathe\Recent\energy.tmp
c:\documents and settings\Rathe\Recent\exec.drv
c:\documents and settings\Rathe\Recent\exec.exe
c:\documents and settings\Rathe\Recent\exec.tmp
c:\documents and settings\Rathe\Recent\FS.drv
c:\documents and settings\Rathe\Recent\grid.dll
c:\documents and settings\Rathe\Recent\hymt.dll
c:\documents and settings\Rathe\Recent\hymt.drv
c:\documents and settings\Rathe\Recent\pal.drv
c:\documents and settings\Rathe\Recent\PE.drv
c:\documents and settings\Rathe\Recent\PE.sys
c:\documents and settings\Rathe\Recent\ppal.tmp
c:\documents and settings\Rathe\Recent\sld.sys
c:\documents and settings\Rathe\Recent\tjd.dll
c:\winnt\system32\drivers\etc\lmhosts
c:\winnt\system32\eventmgr.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.
2010-09-16 09:47 . 2010-07-17 09:00 423656 ----a-w- c:\winnt\system32\deployJava1.dll
2010-09-16 01:53 . 2010-09-16 01:53 43425624 ----a-w- c:\temp\AdbeRdr934_en_US.exe
2010-09-15 23:32 . 2010-09-15 23:32 -------- d-----w- c:\documents and settings\Rathe\Local Settings\Application Data\Threat Expert
2010-09-15 21:50 . 2010-09-15 21:50 869051 ----a-w- c:\temp\SecurityCheck.exe
2010-09-15 17:08 . 2010-09-15 17:08 -------- d-s---w- c:\documents and settings\NetworkService\Temporary Internet Files
2010-09-15 17:08 . 2010-09-15 17:08 -------- d-s---w- c:\documents and settings\NetworkService\History
2010-09-15 09:23 . 2010-04-29 19:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-09-15 03:00 . 2010-09-15 03:00 -------- d-----w- c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com
2010-09-15 03:00 . 2010-09-15 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-15 03:00 . 2010-09-15 03:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 02:59 . 2010-09-15 02:59 9458552 ----a-w- c:\temp\SUPERAntiSpyware.exe
2010-09-15 02:45 . 2010-09-15 02:45 6701 ----a-w- c:\temp\MessengerDisable.zip
2010-09-14 14:31 . 2010-09-14 14:31 -------- d-----w- c:\program files\Trend Micro
2010-09-14 14:28 . 2010-09-14 14:28 1402880 ----a-w- c:\temp\HiJackThis.msi
2010-09-11 15:41 . 2010-09-11 15:41 -------- d-----w- c:\program files\NOS
2010-09-11 15:41 . 2010-09-11 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-04 19:19 . 2010-09-04 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-04 19:17 . 2010-09-04 19:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Neoteris
2010-09-04 19:10 . 2010-01-22 13:56 149456 ----a-w- c:\winnt\SGDetectionTool.dll
2010-09-04 19:10 . 2010-01-22 13:55 767952 ----a-w- c:\winnt\BDTSupport.dll
2010-09-04 19:10 . 2008-11-26 16:08 131 ----a-w- c:\winnt\IDB.zip
2010-09-04 19:10 . 2010-01-22 13:56 165840 ----a-w- c:\winnt\PCTBDRes.dll
2010-09-04 19:10 . 2010-01-22 13:56 1652688 ----a-w- c:\winnt\PCTBDCore.dll
2010-09-04 19:10 . 2009-10-28 05:36 1152444 ----a-w- c:\winnt\UDB.zip
2010-09-04 19:08 . 2010-02-05 13:17 233136 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys
2010-09-04 19:08 . 2010-03-10 15:36 217032 ----a-w- c:\winnt\system32\drivers\PCTCore.sys
2010-09-04 19:08 . 2009-11-23 17:54 88040 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys
2010-09-04 19:08 . 2010-02-05 13:25 70408 ----a-w- c:\winnt\system32\drivers\pctplsg.sys
2010-09-04 19:08 . 2010-09-04 19:10 -------- d-----w- c:\program files\Spyware Doctor
2010-09-04 19:08 . 2010-09-04 19:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-04 19:08 . 2010-09-04 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-04 19:08 . 2010-09-04 19:08 -------- d-----w- c:\documents and settings\admin\Application Data\PC Tools
2010-09-04 19:08 . 2010-09-16 09:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-04 19:01 . 2010-09-04 19:01 1870496 ----a-w- c:\temp\HousecallLauncher(2).exe
2010-09-04 18:58 . 2010-09-04 18:58 1870496 ----a-w- c:\temp\HousecallLauncher.exe
2010-09-04 18:01 . 2010-09-16 10:15 -------- d-s---w- c:\documents and settings\Rathe\Temporary Internet Files
2010-09-04 18:01 . 2010-09-04 18:01 -------- d-s---w- c:\documents and settings\Rathe\History
2010-08-30 14:18 . 2010-09-15 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 14:18 . 2010-04-29 19:39 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-08-30 13:58 . 2010-08-30 13:58 6153376 ----a-w- c:\temp\mbam-setup(2).exe
2010-08-30 13:47 . 2010-08-30 13:47 -------- d-----w- c:\documents and settings\Rathe\Application Data\Malwarebytes
2010-08-30 13:46 . 2010-08-30 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-30 13:45 . 2010-08-30 13:45 6153376 ----a-w- c:\temp\mbam-setup.exe
2010-08-27 06:46 . 2010-08-27 06:46 -------- d-----w- c:\documents and settings\admin\Application Data\Neoteris
2010-08-27 06:29 . 2010-08-27 06:29 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSWPABXS
2010-08-27 06:28 . 2010-08-27 07:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\6065b69
2010-08-27 06:16 . 2010-08-27 06:16 79360 --sha-r- c:\winnt\system32\hlp95enl.dll
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\winnt\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 09:47 . 2003-10-07 14:43 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 09:47 . 2010-09-16 09:47 61440 ----a-w- c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d1c369c-n\decora-sse.dll
2010-09-16 09:47 . 2010-09-16 09:47 503808 ----a-w- c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\msvcp71.dll
2010-09-16 09:47 . 2010-09-16 09:47 499712 ----a-w- c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\jmc.dll
2010-09-16 09:47 . 2010-09-16 09:47 348160 ----a-w- c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\msvcr71.dll
2010-09-16 09:47 . 2010-09-16 09:47 12800 ----a-w- c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d1c369c-n\decora-d3d.dll
2010-09-16 09:47 . 2003-10-07 14:43 -------- d-----w- c:\program files\Java
2010-09-16 07:21 . 2004-02-17 15:17 288 ----a-w- c:\winnt\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2010-09-16 07:21 . 2004-02-17 15:17 288 ----a-w- c:\winnt\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2010-09-16 02:03 . 2004-03-12 21:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-15 03:01 . 2010-09-15 03:01 63488 ----a-w- c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 03:01 . 2010-09-15 03:01 52224 ----a-w- c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-15 03:01 . 2010-09-15 03:01 117760 ----a-w- c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 14:31 . 2010-09-14 14:31 388096 ----a-r- c:\documents and settings\Rathe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-04 18:36 . 2009-08-12 23:48 -------- d-----w- c:\program files\Max Registry Cleaner
2010-09-04 18:36 . 2004-02-25 03:03 -------- d-----w- c:\program files\Program Shortcuts
2010-09-04 18:16 . 2009-08-12 23:48 123 ----a-w- c:\documents and settings\All Users\Application Data\Max Secure\Max Registry Cleaner\SYSRegC.dll
2010-09-01 19:52 . 2010-09-16 01:52 35136 ----a-w- c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-01 19:52 . 2010-09-16 01:52 32032 ----a-w- c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-08-31 22:22 . 2009-08-27 17:19 1102336 ----a-w- c:\winnt\system32\CheckDll.dll
2010-08-27 06:53 . 2009-10-14 00:00 -------- d-----w- c:\program files\Max Spyware Detector
2010-08-25 16:11 . 2009-06-05 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2010-08-17 13:17 . 1980-01-01 06:00 58880 ----a-w- c:\winnt\system32\spoolsv.exe
2010-08-13 13:13 . 2010-08-27 21:32 66112 ----a-w- c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper_3004.dll
2010-08-13 13:13 . 2010-08-27 21:32 35136 ----a-w- c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-08-13 13:13 . 2010-08-27 21:32 328080 ----a-w- c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2010-08-13 13:13 . 2010-08-27 21:32 32032 ----a-w- c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-07-22 15:49 . 2004-06-21 01:00 590848 ----a-w- c:\winnt\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 12:43 5120 ----a-w- c:\winnt\system32\xpsp4res.dll
2010-06-30 12:31 . 1980-01-01 06:00 149504 ----a-w- c:\winnt\system32\schannel.dll
2010-06-24 12:10 . 2004-12-07 21:37 667136 ----a-w- c:\winnt\system32\wininet.dll
2010-06-24 12:10 . 2004-08-04 07:56 81920 ------w- c:\winnt\system32\ieencode.dll
2010-06-23 13:44 . 1980-01-01 06:00 1851904 ----a-w- c:\winnt\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 06:00 354304 ----a-w- c:\winnt\system32\drivers\srv.sys
2010-06-18 17:45 . 1980-01-01 06:00 293376 ----a-w- c:\winnt\system32\winsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-01-21 28672]
"NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2003-11-17 3022848]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-23 615696]
"RCAutoLiveUpdate"="c:\program files\Max Registry Cleaner\MaxLURC.exe" [2010-02-12 761800]
"RCSystemTray"="c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe" [2010-02-12 651208]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-01-04 19:17 1937408 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\winnt\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2004-11-12 01:50 212992 ----a-w- c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [9/4/2010 3:08 PM 217032]
R1 Neofltr;Neoteris TDI Filter - Layered Version;c:\winnt\system32\drivers\NEOFLTR.sys [8/13/2004 11:19 PM 50349]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 SDManager;SDManager;c:\program files\Max Spyware Detector\SDManager.sys [10/13/2009 8:00 PM 25520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/4/2010 3:10 PM 112592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [9/15/2010 5:23 AM 38224]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\winnt\System32\svchost.exe -k nosGetPlusHelper [1/1/1980 2:00 AM 14336]
S3 scsiscan;SCSI Scanner Driver;c:\winnt\system32\drivers\scsiscan.sys [3/13/2004 5:58 PM 11520]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2004-02-26 c:\winnt\Tasks\ISP signup reminder 1.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
2004-03-05 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
2004-02-25 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = hxxp://housecall.trendmicro.com/
LSP: c:\program files\Neoteris\Secure Application Manager\gapsp.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - plugin: c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-POINTER - point32.exe
Notify-SDNotify - c:\program files\Max Spyware Detector\SDNotify.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
AddRemove-4AF3F682-FE2A-488D-A11C-A0470A325E93 - c:\program files\WildTangent\Apps\GameChannel\Games\4AF3F682-FE2A-488D-A11C-A0470A325E93\Uninstall.exe
AddRemove-5A137FCB-35EA-4849-8239-AFEBD2F45B3B - c:\program files\WildTangent\Apps\GameChannel\Games\5A137FCB-35EA-4849-8239-AFEBD2F45B3B\Uninstall.exe
AddRemove-618CD711-AFB3-4EB4-9B48-ABD2AB370B21 - c:\program files\WildTangent\Apps\GameChannel\Games\618CD711-AFB3-4EB4-9B48-ABD2AB370B21\Uninstall.exe
AddRemove-70216ACD-1547-44E5-8966-615BE9569EAD - c:\program files\WildTangent\Apps\GameChannel\Games\70216ACD-1547-44E5-8966-615BE9569EAD\Uninstall.exe
AddRemove-97D31CB6-F2B5-4875-B6B0-8AF75AC414DB - c:\program files\WildTangent\Apps\GameChannel\Games\97D31CB6-F2B5-4875-B6B0-8AF75AC414DB\Uninstall.exe
AddRemove-A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24 - c:\program files\WildTangent\Apps\GameChannel\Games\A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24\Uninstall.exe
AddRemove-AA4162B8-1BB1-4110-8F93-0092D4DEF122 - c:\program files\WildTangent\Apps\GameChannel\Games\AA4162B8-1BB1-4110-8F93-0092D4DEF122\Uninstall.exe
AddRemove-ADFCE1E4-A420-437C-998D-EAF04E3601BE - c:\program files\WildTangent\Apps\GameChannel\Games\ADFCE1E4-A420-437C-998D-EAF04E3601BE\Uninstall.exe
AddRemove-BECB8A74-E07D-44A1-813D-1E390EB3047B - c:\program files\WildTangent\Apps\GameChannel\Games\BECB8A74-E07D-44A1-813D-1E390EB3047B\Uninstall.exe
AddRemove-C4D2212B-5331-470D-9BF7-96DB25A398C7 - c:\program files\WildTangent\Apps\GameChannel\Games\C4D2212B-5331-470D-9BF7-96DB25A398C7\Uninstall.exe
AddRemove-Creative Driver - c:\winnt\System32\ctdrvins
AddRemove-UnrealTournament - c:\unrealtournament\System\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 06:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(812)
c:\program files\Neoteris\Secure Application Manager\gapsp.dll
.
Completion time: 2010-09-16 06:21:23
ComboFix-quarantined-files.txt 2010-09-16 10:21
Pre-Run: 49,376,104,448 bytes free
Post-Run: 50,765,930,496 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - D0551782B2E09ABB9D7F2F6E981D5CE9
-
but still can't install reader. Where do I go from here? Thanks again.
Please remind me to deal with this later.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry. (Max Registry Cleaner)
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
*****************************************
* Download the following tool: RootRepeal - Rootkit Detector (http://rootrepeal.googlepages.com/)
* Direct download link is here: RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip)
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
-
here is the root repeal log. I think we are getting somewhere it will finally let me open my antivirus software, still can't get adobe reader but I'm sure that will come later. Thanks.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/16 19:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\WINNT\TEMP\catchme.sys
Address: 0xF60FE000 Size: 31744 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xF60A6000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B1F000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mbr.sys
Image Path: C:\WINNT\TEMP\mbr.sys
Address: 0xF8947000 Size: 20864 File Visible: No Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINNT\system32\Drivers\PROCEXP113.SYS
Address: 0xF8AD1000 Size: 7872 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xF6368000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\bookmarkbackups\bookmarks-2010-08-26.json
Status: Visible to the Windows API, but not on disk.
==EOF==
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
here is the eset scan log. I will also send you another log of what my av software found , quarantined but will not let me delete.
eset
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\2VQNYT67\107ab7a72f6e8abaaac9416e63eb72aa0bab3015511[2].js JS/Fraud.NAB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\www1.my-protection11[1].htm HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan cleaned by deleting - quarantined
C:\Program Files\Max Spyware Detector\LiveUpdate.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP9\A0005700.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
C:\temp\spywaredetector.exe a variant of Win32/MaxPCsecure application deleted - quarantined
symantec log.
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\2VQNYT67\107ab7a72f6e8abaaac9416e63eb72aa0bab3015511[2].js JS/Fraud.NAB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\www1.my-protection11[1].htm HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan cleaned by deleting - quarantined
C:\Program Files\Max Spyware Detector\LiveUpdate.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP9\A0005700.exe a variant of Win32/MaxPCsecure application cleaned by deleting - quarantined
C:\temp\spywaredetector.exe a variant of Win32/MaxPCsecure application deleted - quarantined
Thanks again. Look forward to hearing any more suggestions.
-
Everything looks good. If there are no further issues, it's time for some cleanup.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter
* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*********************************
Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC.exe) and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.
************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dave,
Thanks for everything so far. I think everything is working better now. I do still have 1 problem and that is the system still won't allow me to install adobe reader. This is the error message.
Error 1402 could not open key.
hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
verify that you have sufficient access to that key.
Please help.
Thanks again
-
Do you have Spyware Doctor or Spysweeper installed on your computer?
-
yes both. Do I need to disable them?
-
Could you please disable both of them and try updating Adobe?
-
tried that. I also tried the fix that adobe had listed on their site. Neither one of them worked. I am also getting a message that is telling me that flash player is not updated, although the install for that was successful and shows that it is running version 10x. I think there may still be some sort of virus or spyware messing things up. Nothing is showing up on any of the virus or anti spyware programs. Is it possible that they messed up the registry keys and they need to be fixed? I obviously don't know what to do here.
Thanks again for your help.
-
Ok. The first thing we will try is to remove all traces of Adobe from your computer and download and install a new version. Please let me know how it goes.
-
still not working. I uninstalled everything from adobe I had on my cpu. I still get the same error message. Flash player reinstalled correctly but that was it.
Any other things I can try would be helpful. I will be away until monday so take your time please.
Thanks again
-
Ok. Let's try this. Warning. Please do only what the instructions say. Do not delete or change anything.
1) Open the registry editor by selecting "Run" from the start menu and then typing in "regedit".
2) Browse through the registry for hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
3) Right-Click on imail and choose "Permissions..." and tell me what the Security group or user names say.
-
it says that everyone has full access.
I went through that from adobes site fixes.
anything else?
-
I will have to check with someone on this. Please be patient.
-
Scan Suspicious File(s)
Please go to VirusTotal.com (http://www.virustotal.com/en/indexf.html)
(If more than one file needs scanned they must be done separately and logs posted for each one)
1. Copy the file path in the below Code box:
c:\winnt\system32\CheckDll.dll
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
Important! If you get a page that says 'File has already been analysed' in the results then you will need to click the 'Show last report' button to get new scan results.
-
here is the scan result.
File name: checkdll.dll
Submission date: 2010-09-17 12:22:46 (UTC)
Current status: finished
Result: 0 /43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.17.02 2010.09.17 -
AntiVir 8.2.4.52 2010.09.17 -
Antiy-AVL 2.0.3.7 2010.09.17 -
Authentium 5.2.0.5 2010.09.17 -
Avast 4.8.1351.0 2010.09.17 -
Avast5 5.0.594.0 2010.09.17 -
AVG 9.0.0.851 2010.09.17 -
BitDefender 7.2 2010.09.17 -
CAT-QuickHeal 11.00 2010.09.17 -
ClamAV 0.96.2.0-git 2010.09.17 -
Comodo 6109 2010.09.17 -
DrWeb 5.0.2.03300 2010.09.17 -
Emsisoft 5.0.0.37 2010.09.17 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7861 2010.09.17 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.17 -
Fortinet 4.1.143.0 2010.09.17 -
GData 21 2010.09.17 -
Ikarus T3.1.1.88.0 2010.09.17 -
Jiangmin 13.0.900 2010.09.17 -
K7AntiVirus 9.63.2533 2010.09.16 -
Kaspersky 7.0.0.125 2010.09.17 -
McAfee 5.400.0.1158 2010.09.17 -
McAfee-GW-Edition 2010.1C 2010.09.17 -
Microsoft 1.6201 2010.09.17 -
NOD32 5457 2010.09.17 -
Norman 6.06.06 2010.09.17 -
nProtect 2010-09-17.01 2010.09.17 -
Panda 10.0.2.7 2010.09.17 -
PCTools 7.0.3.5 2010.09.17 -
Prevx 3.0 2010.09.17 -
Rising 22.65.04.01 2010.09.17 -
Sophos 4.57.0 2010.09.17 -
Sunbelt 6887 2010.09.17 -
SUPERAntiSpyware 4.40.0.1006 2010.09.17 -
Symantec 20101.1.1.7 2010.09.17 -
TheHacker 6.7.0.0.020 2010.09.17 -
TrendMicro 9.120.0.1004 2010.09.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.17 -
VBA32 3.12.14.0 2010.09.17 -
ViRobot 2010.8.25.4006 2010.09.17 -
VirusBuster 12.65.10.0 2010.09.16 -
Additional informationShow all
MD5 : 368a4d2c82d64f5db71246492881e843
SHA1 : 3f30ef2dde88644b82184a4e13fa383ee0f7fa9 0
SHA256: 67fa8e2a819960ed7d70fa1248bf6353609c64a b1e14c9707433be0c1ac61041
ssdeep: 24576:+0TjlA5ETBywpAm1RXKzmH/yI/nucBX4wHN/zsa:+0jlA5ENyYAyXKzmHJnu7A/z
File size : 1102336 bytes
First seen: 2010-09-17 12:22:46
Last seen : 2010-09-17 12:22:46
Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
Windows OCX File (46.2%)
Win64 Executable Generic (32.0%)
Win32 Executable MS Visual C++ (generic) (14.1%)
Win32 Executable Generic (3.1%)
Win32 Dynamic Link Library (generic) (2.8%)
sigcheck:
publisher....: Max Secure Software
copyright....: (c) Max Secure Software 2009. All rights reserved.
product......: Max Secure Software
description..: Max Secure Software Check Dll
original name: CheckDll.Dll
internal name: CheckDll.Dll
file version.: 4, 0, 0, 10
comments.....: Component of Max Secure Software
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x85EB0
timedatestamp....: 0x4C7CFB25 (Tue Aug 31 12:52:53 2010)
machinetype......: 0x14C (Intel I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBBC2C, 0xBBE00, 6.51, 23c67c3fa3f210516a8b622a91f22d60
.rdata, 0xBD000, 0x2EFDA, 0x2F000, 4.87, d7c346a08dafb36a348ebb1cc2884785
.data, 0xEC000, 0x9248, 0x5000, 4.95, 3d83f93a0cadb9c452b8046d98e042ed
.rsrc, 0xF6000, 0x11258, 0x11400, 5.85, fbbf4b9c44c9ee75903525c5f49c3e10
.reloc, 0x108000, 0xBBE8, 0xBC00, 6.62, 607826c47dc10df0f484470b744248d8
[[ 14 import(s) ]]
advapi32.dll: LockServiceDatabase, ChangeServiceConfig2W, UnlockServiceDatabase, RegisterServiceCtrlHandlerW, SetServiceStatus, EqualSid, QueryServiceConfigW, DeleteService, QueryServiceStatus, StartServiceCtrlDispatcherW, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, LookupAccountSidW, ImpersonateLoggedOnUser, CreateProcessAsUserW, RevertToSelf, RegEnumKeyW, RegGetKeySecurity, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegSetKeySecurity, RegUnLoadKeyW, RegLoadKeyW, RegRestoreKeyW, RegSaveKeyW, RegOpenKeyW, RegEnumValueW, RegDeleteValueW, RegEnumKeyExW, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetCurrentHwProfileW, StartServiceW, CreateServiceW, RegDeleteKeyW, RegCreateKeyExW, RegSetValueExW, RegCloseKey, OpenSCManagerW, OpenServiceW, ControlService, CloseServiceHandle, RegSetValueW, RegQueryValueW
comctl32.dll: _TrackMouseEvent
comdlg32.dll: GetFileTitleW
gdi32.dll: GetBkColor, StretchDIBits, CreateFontW, GetCharWidthW, GetTextMetricsW, GetTextExtentPoint32W, DPtoLP, PatBlt, GetMapMode, SetRectRgn, CreateRectRgnIndirect, CreateHatchBrush, ExtCreatePen, CreatePen, PlayMetaFile, EnumMetaFile, GetObjectType, SelectPalette, CreatePatternBrush, CreateDIBPatternBrushPt, ExtSelectClipRgn, PolyBezierTo, PolylineTo, PolyDraw, ArcTo, GetCurrentPositionEx, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, StartDocW, GetWindowExtEx, GetViewportExtEx, SelectClipPath, GetClipRgn, SetColorAdjustment, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, SetTextJustification, SetTextAlign, MoveToEx, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect, SetMapMode, ModifyWorldTransform, SetWorldTransform, SetGraphicsMode, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, CreateDCW, CopyMetaFileW, GetPixel, CreateRectRgn, CombineRgn, SelectClipRgn, StretchBlt, CreateCompatibleDC, CreateCompatibleBitmap, GetDeviceCaps, BitBlt, SelectObject, DeleteDC, DeleteObject, GetObjectW, CreateFontIndirectW, CreateRoundRectRgn, GetStockObject, CreateSolidBrush, PlayMetaFileRecord
kernel32.dll: GlobalAddAtomW, GetModuleHandleA, lstrcmpA, lstrlenA, GetStringTypeExW, GetThreadLocale, lstrcmpiW, LockFile, UnlockFile, SetEndOfFile, DuplicateHandle, GetFullPathNameW, GetShortPathNameW, GetFileAttributesExW, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileTime, GetFileSizeEx, GetFileTime, LeaveCriticalSection, TlsGetValue, EnterCriticalSection, GlobalReAlloc, GlobalHandle, InitializeCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, DeleteCriticalSection, TlsFree, SetThreadPriority, ResumeThread, SetEvent, SuspendThread, CreateEventW, GlobalGetAtomNameW, GetAtomNameW, InterlockedIncrement, GlobalFlags, InterlockedExchange, CompareStringA, EnumResourceLanguagesW, ConvertDefaultLocale, GetCurrentThread, GetCurrentDirectoryW, RtlUnwind, GetSystemTimeAsFileTime, RaiseException, UnhandledExceptionFilter, GlobalFindAtomW, GetCommandLineA, SetEnvironmentVariableW, SetCurrentDirectoryW, HeapReAlloc, ExitThread, CreateThread, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, GetConsoleCP, GetConsoleMode, FatalAppExitA, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, HeapCreate, HeapDestroy, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetCurrentDirectoryA, SetCurrentDirectoryA, GetDriveTypeA, GetFullPathNameA, SetConsoleCtrlHandler, InitializeCriticalSectionAndSpinCount, LCMapStringA, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA, SetEnvironmentVariableA, GlobalDeleteAtom, CompareStringW, LoadLibraryA, lstrcmpW, GetVersionExA, FindFirstFileW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindNextFileW, FindClose, GlobalSize, UnmapViewOfFile, CreateFileMappingW, MapViewOfFile, SetVolumeLabelW, GetDiskFreeSpaceW, WideCharToMultiByte, VirtualProtect, VirtualFree, VirtualAlloc, FlushFileBuffers, SetFilePointer, HeapFree, GetProcessHeap, HeapAlloc, WritePrivateProfileStringW, MulDiv, FreeResource, GlobalLock, GlobalUnlock, GetTickCount, RemoveDirectoryW, SetLastError, CreateProcessW, WaitForSingleObject, GetFileSize, ReadFile, WriteFile, MoveFileExW, GetTempFileNameW, GlobalAlloc, GlobalFree, GetLocalTime, GetCurrentThreadId, GetCurrentProcessId, SetErrorMode, SetUnhandledExceptionFilter, GetDiskFreeSpaceExW, WinExec, Process32FirstW, Process32NextW, CreateToolhelp32Snapshot, ExitProcess, CreateRemoteThread, GetLongPathNameW, OpenProcess, TerminateProcess, GetModuleFileNameW, CreateFileW, DeviceIoControl, CloseHandle, FormatMessageW, LocalAlloc, LocalFree, InterlockedDecrement, GetCurrentProcess, GetEnvironmentVariableW, GetTempPathW, GetSystemDirectoryW, GlobalMemoryStatus, GetSystemDefaultLCID, GetLocaleInfoW, OutputDebugStringA, GetWindowsDirectoryW, GetVolumeInformationW, GetComputerNameW, GetVersionExW, GetSystemInfo, GetPrivateProfileIntW, GetPrivateProfileStringW, LoadLibraryW, FreeLibrary, GetLogicalDrives, GetDriveTypeW, SetFileAttributesW, Sleep, CopyFileW, GetFileAttributesW, GetLastError, LoadResource, LockResource, SizeofResource, FindResourceW, MultiByteToWideChar, GetModuleHandleW, GetProcAddress, lstrlenW, OutputDebugStringW, CreateDirectoryW, MoveFileW, DeleteFileW, IsDebuggerPresent
ole32.dll: OleDuplicateData, CoTreatAsClass, StringFromCLSID, CoTaskMemAlloc, ReleaseStgMedium, StringFromGUID2, ReadClassStg, ReadFmtUserTypeStg, OleRegGetUserType, WriteClassStg, WriteFmtUserTypeStg, SetConvertStg, CoTaskMemFree, CreateStreamOnHGlobal, CoInitializeEx, CoInitializeSecurity, CoCreateInstance, CoSetProxyBlanket, CoUninitialize, CLSIDFromString, CoDisconnectObject, CreateBindCtx
oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
shell32.dll: SHAppBarMessage, DragQueryFileW, ShellExecuteW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW, ExtractIconW, SHGetFileInfoW, DragFinish
shfolder.dll: SHGetFolderPathW
shlwapi.dll: PathRemoveExtensionW, PathRemoveFileSpecW, PathFileExistsW, StrStrIW, PathIsDirectoryW, PathStripToRootW, PathIsUNCW, PathFindFileNameW, PathFindExtensionW
user32.dll: SetCapture, EnableWindow, GetSystemMetrics, LockWindowUpdate, GetDCEx, UnionRect, SetParent, GetSystemMenu, IsRectEmpty, MapVirtualKeyW, GetKeyNameTextW, KillTimer, SetTimer, UnpackDDElParam, ReuseDDElParam, GetMenuBarInfo, LoadAcceleratorsW, InsertMenuItemW, CreatePopupMenu, BringWindowToTop, TranslateAcceleratorW, DeleteMenu, ShowOwnedPopups, SetCursor, SetRectEmpty, DestroyIcon, IsIconic, wsprintfW, FindWindowExW, GetParent, GetNextDlgGroupItem, PostMessageW, ReleaseCapture, LoadImageW, GetCapture, GetCursorPos, WindowFromPoint, DrawEdge, OffsetRect, DrawFocusRect, GetWindowLongW, LoadStringW, FindWindowW, SystemParametersInfoW, CopyRect, FillRect, GetDC, ReleaseDC, SetRect, InvalidateRect, GetSysColor, GetProcessWindowStation, OpenWindowStationW, SetProcessWindowStation, CloseWindowStation, OpenDesktopW, CloseDesktop, ExitWindowsEx, EndDeferWindowPos, LoadBitmapW, IsZoomed, BeginDeferWindowPos, DeferWindowPos, SendMessageW, GetClientRect, SetWindowRgn, GetWindowRect, GetDesktopWindow, ClientToScreen, LoadIconW, PostQuitMessage, DestroyMenu, GetMenuItemInfoW, GetDialogBaseUnits, LoadCursorW, GetSysColorBrush, UnregisterClassW, GetMessageW, OemToCharBuffA, CharToOemBuffA, RemoveMenu, GetSubMenu, GetMenuItemCount, InsertMenuW, GetMenuItemID, AppendMenuW, GetMenuStringW, GetMenuState, EndDialog, GetNextDlgTabItem, IsWindowEnabled, GetDlgItem, IsWindow, DestroyWindow, CreateDialogIndirectParamW, SetActiveWindow, GetActiveWindow, GetWindow, GetWindowPlacement, MessageBoxW, SystemParametersInfoA, IntersectRect, SetWindowPos, SetWindowLongW, GetMenu, PtInRect, CallWindowProcW, DefWindowProcW, GetDlgCtrlID, SetWindowPlacement, SetScrollInfo, GetScrollInfo, EqualRect, ScreenToClient, AdjustWindowRectEx, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, UpdateWindow, IsWindowVisible, ShowScrollBar, SetForegroundWindow, GetScrollPos, SetScrollPos, GetScrollRange, SetScrollRange, SetMenu, GetKeyState, TrackPopupMenu, TrackPopupMenuEx, ScrollWindow, MapWindowPoints, PeekMessageW, GetMessagePos, GetMessageTime, UnhookWindowsHookEx, GetTopWindow, DispatchMessageW, GetLastActivePopup, GetForegroundWindow, GetWindowTextW, GetWindowTextLengthW, SetFocus, GetFocus, RemovePropW, GetPropW, SetPropW, GetClassNameW, GetClassLongW, CallNextHookEx, SetWindowsHookExW, IsChild, WinHelpW, SendDlgItemMessageA, SendDlgItemMessageW, RegisterWindowMessageW, CheckMenuItem, EnableMenuItem, ModifyMenuW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckDlgButton, CheckRadioButton, GetDlgItemInt, GetDlgItemTextW, SetDlgItemInt, SetDlgItemTextW, IsDlgButtonChecked, IsDialogMessageW, SetWindowTextW, MoveWindow, ShowWindow, ScrollWindowEx, TabbedTextOutW, DrawTextW, DrawTextExW, GrayStringW, GetWindowDC, BeginPaint, EndPaint, GetWindowThreadProcessId, LoadMenuW, InflateRect, CharUpperW, ValidateRect, TranslateMessage
winspool.drv: DocumentPropertiesW, OpenPrinterW, ClosePrinter
wintrust.dll: WinVerifyTrust
ws2_32.dll: -, -, -, -, -
[[ 20 export(s) ]]
CheckFor64OS, CloseAll, CopyAndCryptFileDB, CreateWow6432NodeKey, DLLCloseFunction, DLLFunction, DeleteOldSetupFiles, DeleteWow6432bitNodeKey, DisplayLiveUpdateMessage, EncryptDB, EncryptFullDB, InstallActMonDriver, InstallDriver, InstallService, RestartMachine, RestartMachineWithPopUp, ShellExecuteAppWithParam, StartDriver, StopService, UpdateFICDB
Symantec reputation:Suspicious.Insight
-
Re-run MBAM:
Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..
-
here is the mbam log. I have been running this daily and have not found anything since the first running.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4734
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10/2/2010 10:42:34 PM
mbam-log-2010-10-02 (22-42-34).txt
Scan type: Quick scan
Objects scanned: 198178
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Edited.
-
What browser are you using to download Adobe updates?
-
I have tried both internet explorer and firefox. They both will download and start to install reader than it fails towards the end stating that I don't have the rights. Flash player appears to install correctly but every website I go to states that it is not installed.
Error 1402 could not open key.
hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
verify that you have sufficient access to that key.
-
Edited.
-
Ignore the above post
-
You could try creating a new user account and see if it works ok. If so then transfer over documents and settings then delete the old account. Perhaps it would be best to start a new thread in the software forum. I'm quite sure it's not malware related.
-
Virus and mallware are creating big problem for a new computer users. I am not new user but i don't have enough idea about virus. How to enter the virus in our system. What it do with our system.
If some one guide me about virus. It is my pleasure
Thanks in advance.
-
thanks Dave. I will try to do this. If it does not work I will create a post in software. Again thank you for all your help.