Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: how do I remove a virus/spyware  (Read 18518 times)

0 Members and 1 Guest are viewing this topic.

smootr9

    Topic Starter


    Rookie

    how do I remove a virus/spyware
    « on: September 13, 2010, 10:17:53 PM »
    I have a virus or nasty spyware that I can't remove do to the fact that I can't install anything. It also won't let me run my antivirus or spyware programs. Please help. I am totally frustrated at this point.
    Windows xp pro. sp2
    norton antivirus.
    spybot and ad aware

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Yes
      • Yes
      • Yes
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: how do I remove a virus/spyware
    « Reply #1 on: September 14, 2010, 05:03:47 AM »
    go here and TRY and download hjt and re-name to snipper.exe , run and post the log

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    smootr9

      Topic Starter


      Rookie

      Re: how do I remove a virus/spyware
      « Reply #2 on: September 14, 2010, 08:12:18 AM »
      here is the log file from hjt.
      The software posted that it could not write host file. That is the only message that I got.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 10:34:33 AM, on 9/14/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\system32\rundll32.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\Explorer.EXE
      C:\WINNT\system32\CTHELPER.EXE
      C:\Program Files\Microsoft Hardware\Mouse\point32.exe
      C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
      C:\WINNT\System32\svchost.exe
      C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
      C:\Program Files\Max Spyware Detector\MaxSDTray.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINNT\system32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINNT\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://housecall.trendmicro.com/
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O1 - Hosts: 74.125.45.100 4-open-davinci.com
      O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
      O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
      O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
      O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
      O1 - Hosts: 74.125.45.100 secure-plus-payments.com
      O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
      O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
      O1 - Hosts: 74.125.45.100 www.getavplusnow.com
      O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
      O1 - Hosts: 74.125.45.100 urs.microsoft.com
      O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
      O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
      O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
      O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
      O1 - Hosts: 216.45.48.244 www.google.com
      O1 - Hosts: 216.45.48.244 google.com
      O1 - Hosts: 216.45.48.244 google.com.au
      O1 - Hosts: 216.45.48.244 www.google.com.au
      O1 - Hosts: 216.45.48.244 google.be
      O1 - Hosts: 216.45.48.244 www.google.be
      O1 - Hosts: 216.45.48.244 google.com.br
      O1 - Hosts: 216.45.48.244 www.google.com.br
      O1 - Hosts: 216.45.48.244 google.ca
      O1 - Hosts: 216.45.48.244 www.google.ca
      O1 - Hosts: 216.45.48.244 google.ch
      O1 - Hosts: 216.45.48.244 www.google.ch
      O1 - Hosts: 216.45.48.244 google.de
      O1 - Hosts: 216.45.48.244 www.google.de
      O1 - Hosts: 216.45.48.244 www.google.dk
      O1 - Hosts: 216.45.48.244 google.fr
      O1 - Hosts: 216.45.48.244 www.google.fr
      O1 - Hosts: 216.45.48.244 google.ie
      O1 - Hosts: 216.45.48.244 www.google.ie
      O1 - Hosts: 216.45.48.244 google.it
      O1 - Hosts: 216.45.48.244 www.google.it
      O1 - Hosts: 216.45.48.244 google.co.jp
      O1 - Hosts: 216.45.48.244 www.google.co.jp
      O1 - Hosts: 216.45.48.244 google.nl
      O1 - Hosts: 216.45.48.244 www.google.nl
      O1 - Hosts: 216.45.48.244 google.no
      O1 - Hosts: 216.45.48.244 www.google.no
      O1 - Hosts: 216.45.48.244 google.co.nz
      O1 - Hosts: 216.45.48.244 www.google.co.nz
      O1 - Hosts: 216.45.48.244 google.pl
      O1 - Hosts: 216.45.48.244 www.google.pl
      O1 - Hosts: 216.45.48.244 google.se
      O1 - Hosts: 216.45.48.244 www.google.se
      O1 - Hosts: 216.45.48.244 google.co.uk
      O1 - Hosts: 216.45.48.244 www.google.co.uk
      O1 - Hosts: 216.45.48.244 google.co.za
      O1 - Hosts: 216.45.48.244 www.google.co.za
      O1 - Hosts: 216.45.48.244 www.bing.com
      O1 - Hosts: 216.45.48.244 search.yahoo.com
      O1 - Hosts: 216.45.48.244 www.search.yahoo.com
      O1 - Hosts: 216.45.48.244 uk.search.yahoo.com
      O1 - Hosts: 216.45.48.244 ca.search.yahoo.com
      O1 - Hosts: 216.45.48.244 de.search.yahoo.com
      O1 - Hosts: 216.45.48.244 fr.search.yahoo.com
      O1 - Hosts: 216.45.48.244 au.search.yahoo.com
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [POINTER] point32.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
      O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO
      O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
      O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\Max Spyware Detector\MaxSDTray.exe "-AUTO"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [system tool] C:\Program Files\pitwmv\vbnksysguard.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [system tool] C:\Program Files\pitwmv\vbnksysguard.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://connect.bedbath.com/iNotes6W.cab,DanaInfo=.asuquirgptIlppoo8xQu76,CT=java+
      O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://connect.bedbath.com/dana-cached/setup/JuniperSetupSP1.cab
      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
      O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

      --
      End of file - 10130 bytes

      harry 48



        Egghead

      • lay back , relax and chill out
      • Thanked: 129
        • Yes
        • Yes
        • Yes
        • Dribbling Pensioner
      • Certifications: List
      • Experience: Familiar
      • OS: Windows 7
      Re: how do I remove a virus/spyware
      « Reply #3 on: September 14, 2010, 12:53:29 PM »
      that worked , now you will have to wait for an expert to help you with the log

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: how do I remove a virus/spyware
      « Reply #4 on: September 14, 2010, 05:30:25 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ********************************************

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O1 - Hosts: 74.125.45.100 4-open-davinci.com
      O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
      O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
      O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
      O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
      O1 - Hosts: 74.125.45.100 secure-plus-payments.com
      O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
      O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
      O1 - Hosts: 74.125.45.100 www.getavplusnow.com
      O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
      O1 - Hosts: 74.125.45.100 urs.microsoft.com
      O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
      O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
      O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
      O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
      O1 - Hosts: 216.45.48.244 www.google.com
      O1 - Hosts: 216.45.48.244 google.com
      O1 - Hosts: 216.45.48.244 google.com.au
      O1 - Hosts: 216.45.48.244 www.google.com.au
      O1 - Hosts: 216.45.48.244 google.be
      O1 - Hosts: 216.45.48.244 www.google.be
      O1 - Hosts: 216.45.48.244 google.com.br
      O1 - Hosts: 216.45.48.244 www.google.com.br
      O1 - Hosts: 216.45.48.244 google.ca
      O1 - Hosts: 216.45.48.244 www.google.ca
      O1 - Hosts: 216.45.48.244 google.ch
      O1 - Hosts: 216.45.48.244 www.google.ch
      O1 - Hosts: 216.45.48.244 google.de
      O1 - Hosts: 216.45.48.244 www.google.de
      O1 - Hosts: 216.45.48.244 www.google.dk
      O1 - Hosts: 216.45.48.244 google.fr
      O1 - Hosts: 216.45.48.244 www.google.fr
      O1 - Hosts: 216.45.48.244 google.ie
      O1 - Hosts: 216.45.48.244 www.google.ie
      O1 - Hosts: 216.45.48.244 google.it
      O1 - Hosts: 216.45.48.244 www.google.it
      O1 - Hosts: 216.45.48.244 google.co.jp
      O1 - Hosts: 216.45.48.244 www.google.co.jp
      O1 - Hosts: 216.45.48.244 google.nl
      O1 - Hosts: 216.45.48.244 www.google.nl
      O1 - Hosts: 216.45.48.244 google.no
      O1 - Hosts: 216.45.48.244 www.google.no
      O1 - Hosts: 216.45.48.244 google.co.nz
      O1 - Hosts: 216.45.48.244 www.google.co.nz
      O1 - Hosts: 216.45.48.244 google.pl
      O1 - Hosts: 216.45.48.244 www.google.pl
      O1 - Hosts: 216.45.48.244 google.se
      O1 - Hosts: 216.45.48.244 www.google.se
      O1 - Hosts: 216.45.48.244 google.co.uk
      O1 - Hosts: 216.45.48.244 www.google.co.uk
      O1 - Hosts: 216.45.48.244 google.co.za
      O1 - Hosts: 216.45.48.244 www.google.co.za
      O1 - Hosts: 216.45.48.244 www.bing.com
      O1 - Hosts: 216.45.48.244 search.yahoo.com
      O1 - Hosts: 216.45.48.244 www.search.yahoo.com
      O1 - Hosts: 216.45.48.244 uk.search.yahoo.com
      O1 - Hosts: 216.45.48.244 ca.search.yahoo.com
      O1 - Hosts: 216.45.48.244 de.search.yahoo.com
      O1 - Hosts: 216.45.48.244 fr.search.yahoo.com
      O1 - Hosts: 216.45.48.244 au.search.yahoo.com
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      *************************************SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.

      •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:

      •Close browsers before scanning
      •Scan for tracking cookies
      •Terminate memory threats before quarantining
      Please leave the others unchecked

      •Click the Close button to leave the control center screen.

      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes

      •To retrieve the removal information please do the following:
      •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      •Click Preferences. Click the Statistics/Logs tab.

      •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

      •It will open in your default text editor (preferably Notepad).
      •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      *Copy and Paste the log in your post.
      ****************************************
      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish,so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      ************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's

      smootr9

        Topic Starter


        Rookie

        Re: how do I remove a virus/spyware
        « Reply #5 on: September 15, 2010, 02:55:47 AM »
        here is the sas scan log. Thanks for your help so far. I will continue with the next steps.

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 09/15/2010 at 00:35 AM

        Application Version : 4.43.1000

        Core Rules Database Version : 5508
        Trace Rules Database Version: 3320

        Scan type       : Complete Scan
        Total Scan Time : 01:30:29

        Memory items scanned      : 431
        Memory threats detected   : 0
        Registry items scanned    : 6976
        Registry threats detected : 1554
        File items scanned        : 95631
        File threats detected     : 682

        Adware.Tracking Cookie
           C:\Documents and Settings\Rathe\Cookies\rathe@myroitracking[2].txt
           C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@19452074[2].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@mediaplex[1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@atdmt[1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@liveperson[1].txt
           C:\Documents and Settings\Rathe\Cookies\[email protected][2].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@adbrite[2].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@clicksor[1].txt
           C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@doubleclick[1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@invitemedia[1].txt
           C:\Documents and Settings\Rathe\Cookies\[email protected][1].txt
           C:\Documents and Settings\Rathe\Cookies\rathe@apmebf[1].txt
           C:\Documents and Settings\Rathe\Cookies\[email protected][2].txt
           .bestsearchfind.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           clicks.bestsearchfind.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           bridge2.admarketplace.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .admarketplace.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           wsclick.infospace.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .advertise.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .adbrite.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           .feed.validclick.com [ C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\4bz7orr4.default\cookies.sqlite ]
           acvs.mediaonenetwork.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           adsatt.espn.go.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           cdn1.eyewonder.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           future.cerosmedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           googleads.g.doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           interclick.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           macromedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           media.resulthost.org [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           media.tattomedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           media1.break.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           objects.tremormedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           oddcast.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           s0.2mdn.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           secure-us.imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           speed.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           static.2mdn.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           static.plymedia.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           static.sexsearch.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           uclick.com [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           udn.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Macromedia\Flash Player\#SharedObjects\CAYJAL46 ]
           .atdmt.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .atdmt.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .roiservice.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .roiservice.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .advertising.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ad.yieldmanager.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tacoda.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .revsci.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .doubleclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ads.pointroll.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .specificmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.ticketsnow.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adserver.adtechus.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .trafficmp.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .a1.interclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .mediaplex.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .mediaplex.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .tribalfusion.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .questionmarket.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .questionmarket.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .imrworldwide.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ads-dev.youporn.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .fastclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .bs.serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .serving-sys.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .collective-media.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           adserving.cpxinteractive.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .eyewonder.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           cdn4.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adopt.specificclick.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .c7.zedo.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .casalemedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .2o7.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ads.bridgetrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .247realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           sales.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           sales.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .deadnetstore.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .deadnetstore.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .iacas.adbureau.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .multimedia.boston.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .burstnet.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           www.zenbumedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           stats.gamestop.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           advertiseva.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .insightexpressai.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           media.adrevolver.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           glide.advertserve.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .realmedia.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .kontera.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .chitika.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adopt.euroclick.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .at.atwola.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .atwola.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .indexstats.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .edge.ru4.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ticketsnow.ticketmaster.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           ticketsnow.ticketmaster.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adbrite.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           server.iad.liveperson.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .hitbox.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .ehg-dig.hitbox.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .mediaonenetwork.net [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .centralmediaserver.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .track.bestbuy.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .track.cbs.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           rotator.adjuggler.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           rotator.adjuggler.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .dealtime.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           stat.dealtime.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .clickbooth.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           friendlytrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           friendlytrack.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           .adtech.de [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           media.mtvnservices.com [ C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\cookies.txt ]
           C:\Documents and Settings\Junior\Cookies\junior@247realmedia[1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\junior@adrevolver[1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\junior@advertising[2].txt
           C:\Documents and Settings\Junior\Cookies\junior@advertising[3].txt
           C:\Documents and Settings\Junior\Cookies\junior@apmebf[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@atdmt[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@burstnet[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@casalemedia[1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\junior@collective-media[1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\junior@doubleclick[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@doubleclick[3].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\junior@fastclick[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@insightexpressai[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@mediaplex[2].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\junior@onetruemedia[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@pointroll[2].txt
           C:\Documents and Settings\Junior\Cookies\junior@questionmarket[2].txt
           C:\Documents and Settings\Junior\Cookies\junior@realmedia[2].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\junior@specificclick[2].txt
           C:\Documents and Settings\Junior\Cookies\junior@trafficmp[1].txt
           C:\Documents and Settings\Junior\Cookies\junior@tribalfusion[1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][1].txt
           C:\Documents and Settings\Junior\Cookies\[email protected][2].txt
           C:\Documents and Settings\Junior\Cookies\junior@zedo[2].txt
           adknowledge.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           adsatt.espn.go.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           bc.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           cdn-www.pornhub.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           cdn4.specificclick.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           core.insightexpressai.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           files.adbrite.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           files.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           flv.teenpinkvideos.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           flvplayer2.hardsextube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           fuckedhard18.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           fuckedhard18.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           interclick.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           jacksporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           m1.2mdn.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           macromedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           maxporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           media.resulthost.org [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           media.tattomedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           media1.break.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           mediastore.verizonwireless.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           naiadsystems.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           oddcast.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           pornotube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           secure-us.imrworldwide.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           static.sexsearch.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           static.sexsearchcom.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           static.youporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           tc-cdn-1.porned.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           teenbff.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           udn.specificclick.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           video.pornorama.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           videos.allelitepass.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           vidii.hardsextube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           wdw1.wdpromedia.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           web.adknowledge.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.annysxxx.net [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.bdsmplaypen.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.bisexualplayground.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.collegefuckfest.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.freshteen.biz [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.maxporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.mofosex.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.naiadsystems.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.oneclicktube.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.porn8.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.pornhub.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.porntown.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.porntubx.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.pornyo.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           www.ziporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           wwwstatic.megaporn.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           youporn.videobox.com [ C:\Documents and Settings\Rathe\Application Data\Macromedia\Flash Player\#SharedObjects\FRTM7W7K ]
           adknowledge.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
           cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
           media.scanscout.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
           www.pornhub.com [ C:\Documents and Settings\Stephanie\Application Data\Macromedia\Flash Player\#SharedObjects\UNLUGEQD ]
           .doubleclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           statse.webtrendslive.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .adopt.euroclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .edge.ru4.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           media.adrevolver.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           media.adrevolver.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           data.coremetrics.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .iacas.adbureau.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .atdmt.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertising.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .fastclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .mediaplex.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .adopt.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           tracking.foundry42.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .pro-market.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           www.accountonline.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           myaccount.verizonwireless.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .247realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .zedo.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .bluestreak.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .roiservice.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revenue.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .deltaairlines.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .adlegend.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           test.coremetrics.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .statcounter.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .statcounter.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .microsoftwlsearchcrm.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .palmone.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .keywordmax.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .perf.overture.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           www4.addfreestats.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .bfast.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .microsoftwga.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .youporn.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .atdmt.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .interclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .accountonline.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .webpower.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .pornhub.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           cdn4.specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .specificclick.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .insightexpressai.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .zedo.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .interclick.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .adserver.adtechus.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .burstnet.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .bs.serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .stampscom.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .mediaplex.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           ad.yieldmanager.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .realmedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .serving-sys.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .tradedoubler.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .usairways.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .sojern.122.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .collective-media.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .invitemedia.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .edmc.112.2o7.net [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           www.googleadservices.com [ C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\default.1ik\cookies.sqlite ]
           .advertise.com [ C:\Documents and Settings\Stephani

        smootr9

          Topic Starter


          Rookie

          Re: how do I remove a virus/spyware
          « Reply #6 on: September 15, 2010, 03:23:47 PM »
          here is the mbam scan log. I will have the rest done soon.

          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4618

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 6.0.2900.5512

          9/15/2010 5:44:40 PM
          mbam-log-2010-09-15 (17-44-40).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 280731
          Time elapsed: 1 hour(s), 39 minute(s), 34 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 1
          Registry Values Infected: 0
          Registry Data Items Infected: 7
          Folders Infected: 1
          Files Infected: 13

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

          Folders Infected:
          C:\Documents and Settings\Rathe\Application Data\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Documents and Settings\All Users\Application Data\6065b69\MS6065_302.exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.qqv\Cache\AC7F958Ad01 (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\packupdate107_302[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4PK5UZCH\4ed47[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\8DU7GLUB\476c4[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005230.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\temp\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\temp\movie.exe (Rogue.Installer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Application Data\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Application Data\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Rathe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
          C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

          smootr9

            Topic Starter


            Rookie

            Re: how do I remove a virus/spyware
            « Reply #7 on: September 15, 2010, 03:27:06 PM »
            here is the last log file that you requested. Hopefully we are well on our way to recovery. Thank you for what you have done thus far.

            Malwarebytes' Anti-Malware 1.46
            www.malwarebytes.org

            Database version: 4618

            Windows 5.1.2600 Service Pack 3
            Internet Explorer 6.0.2900.5512

            9/15/2010 5:44:40 PM
            mbam-log-2010-09-15 (17-44-40).txt

            Scan type: Full scan (C:\|)
            Objects scanned: 280731
            Time elapsed: 1 hour(s), 39 minute(s), 34 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 1
            Registry Values Infected: 0
            Registry Data Items Infected: 7
            Folders Infected: 1
            Files Infected: 13

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
            HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

            Folders Infected:
            C:\Documents and Settings\Rathe\Application Data\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.

            Files Infected:
            C:\Documents and Settings\All Users\Application Data\6065b69\MS6065_302.exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.qqv\Cache\AC7F958Ad01 (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\packupdate107_302[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4PK5UZCH\4ed47[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\8DU7GLUB\476c4[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005230.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP3\A0005232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\temp\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\temp\movie.exe (Rogue.Installer) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Application Data\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Application Data\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Rathe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
            C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

            smootr9

              Topic Starter


              Rookie

              Re: how do I remove a virus/spyware
              « Reply #8 on: September 15, 2010, 03:35:51 PM »
              sorry for the last I copied the wrong file.

              Results of screen317's Security Check version 0.99.5 
               Windows XP Service Pack 3 
               Internet Explorer 6 Out of date!
              ``````````````````````````````
              Antivirus/Firewall Check:

               Symantec AntiVirus Client   
               Antivirus up to date! 
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               Ad-Aware
               Malwarebytes' Anti-Malware   
               Max Registry Cleaner   
               Java(TM) 6 Update 15 
               Java(TM) SE Runtime Environment 6 Update 1
               Java(TM) 6 Update 2 
               Java(TM) 6 Update 3 
               Java(TM) 6 Update 5 
               Java(TM) 6 Update 7 
               Java 2 Runtime Environment, SE v1.4.2
               Java 2 Runtime Environment, SE v1.4.2_07
               Out of date Java installed!
              Adobe Reader 7.0
              Out of date Adobe Reader installed!
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               Ad-Aware AAWService.exe
               Ad-Aware AAWTray.exe is disabled!
               Symantec_Client_Security Symantec AntiVirus DefWatch.exe 
              ````````````````````````````````
              DNS Vulnerability Check:

               nslookup.exe missing!
               GREAT! (Not vulnerable to DNS cache poisoning)

              ``````````End of Log````````````

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: how do I remove a virus/spyware
              « Reply #9 on: September 15, 2010, 06:39:33 PM »
                Please download the newest version of
              Adobe Acrobat Reader from Adobe.com

              Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
              Go to the Control Panel and enter Add or Remove Programs.
              Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

              Once old versions are gone, please install the newest version.
              ******************************************
              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.
              4. Run CCleaner.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

              *****************************************
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              Rename ComboFix.exe to commy.exe before you save it to your Desktop
              Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
              Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
              As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix

              Windows 8 and Windows 10 dual boot with two SSD's

              smootr9

                Topic Starter


                Rookie

                Re: how do I remove a virus/spyware
                « Reply #10 on: September 15, 2010, 07:41:00 PM »
                I cannot install adobe reader because  I get an error message.
                Error 1402 could not open key.
                hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
                verify that you have sufficient access to that key.

                I am running as an admin so I don't know how to circumvent this issue.

                Thanks

                smootr9

                  Topic Starter


                  Rookie

                  Re: how do I remove a virus/spyware
                  « Reply #11 on: September 16, 2010, 02:53:53 PM »
                  here is the combo fix log. I was able to update java and run combo fix but still can't install reader.  Where do I go from here? Thanks again.

                  ComboFix 10-09-15.01 - Rathe 09/16/2010   6:06.1.2 - x86
                  Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.96 [GMT -4:00]
                  Running from: c:\documents and settings\Rathe\Desktop\commy.exe.exe
                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\documents and settings\Rathe\Recent\cb.exe
                  c:\documents and settings\Rathe\Recent\DBOLE.drv
                  c:\documents and settings\Rathe\Recent\eb.sys
                  c:\documents and settings\Rathe\Recent\energy.tmp
                  c:\documents and settings\Rathe\Recent\exec.drv
                  c:\documents and settings\Rathe\Recent\exec.exe
                  c:\documents and settings\Rathe\Recent\exec.tmp
                  c:\documents and settings\Rathe\Recent\FS.drv
                  c:\documents and settings\Rathe\Recent\grid.dll
                  c:\documents and settings\Rathe\Recent\hymt.dll
                  c:\documents and settings\Rathe\Recent\hymt.drv
                  c:\documents and settings\Rathe\Recent\pal.drv
                  c:\documents and settings\Rathe\Recent\PE.drv
                  c:\documents and settings\Rathe\Recent\PE.sys
                  c:\documents and settings\Rathe\Recent\ppal.tmp
                  c:\documents and settings\Rathe\Recent\sld.sys
                  c:\documents and settings\Rathe\Recent\tjd.dll
                  c:\winnt\system32\drivers\etc\lmhosts
                  c:\winnt\system32\eventmgr.exe

                  .
                  (((((((((((((((((((((((((   Files Created from 2010-08-16 to 2010-09-16  )))))))))))))))))))))))))))))))
                  .

                  2010-09-16 09:47 . 2010-07-17 09:00   423656   ----a-w-   c:\winnt\system32\deployJava1.dll
                  2010-09-16 01:53 . 2010-09-16 01:53   43425624   ----a-w-   c:\temp\AdbeRdr934_en_US.exe
                  2010-09-15 23:32 . 2010-09-15 23:32   --------   d-----w-   c:\documents and settings\Rathe\Local Settings\Application Data\Threat Expert
                  2010-09-15 21:50 . 2010-09-15 21:50   869051   ----a-w-   c:\temp\SecurityCheck.exe
                  2010-09-15 17:08 . 2010-09-15 17:08   --------   d-s---w-   c:\documents and settings\NetworkService\Temporary Internet Files
                  2010-09-15 17:08 . 2010-09-15 17:08   --------   d-s---w-   c:\documents and settings\NetworkService\History
                  2010-09-15 09:23 . 2010-04-29 19:39   38224   ----a-w-   c:\winnt\system32\drivers\mbamswissarmy.sys
                  2010-09-15 03:00 . 2010-09-15 03:00   --------   d-----w-   c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com
                  2010-09-15 03:00 . 2010-09-15 03:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                  2010-09-15 03:00 . 2010-09-15 03:00   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2010-09-15 02:59 . 2010-09-15 02:59   9458552   ----a-w-   c:\temp\SUPERAntiSpyware.exe
                  2010-09-15 02:45 . 2010-09-15 02:45   6701   ----a-w-   c:\temp\MessengerDisable.zip
                  2010-09-14 14:31 . 2010-09-14 14:31   --------   d-----w-   c:\program files\Trend Micro
                  2010-09-14 14:28 . 2010-09-14 14:28   1402880   ----a-w-   c:\temp\HiJackThis.msi
                  2010-09-11 15:41 . 2010-09-11 15:41   --------   d-----w-   c:\program files\NOS
                  2010-09-11 15:41 . 2010-09-11 15:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
                  2010-09-04 19:19 . 2010-09-04 19:19   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
                  2010-09-04 19:17 . 2010-09-04 19:17   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Neoteris
                  2010-09-04 19:10 . 2010-01-22 13:56   149456   ----a-w-   c:\winnt\SGDetectionTool.dll
                  2010-09-04 19:10 . 2010-01-22 13:55   767952   ----a-w-   c:\winnt\BDTSupport.dll
                  2010-09-04 19:10 . 2008-11-26 16:08   131   ----a-w-   c:\winnt\IDB.zip
                  2010-09-04 19:10 . 2010-01-22 13:56   165840   ----a-w-   c:\winnt\PCTBDRes.dll
                  2010-09-04 19:10 . 2010-01-22 13:56   1652688   ----a-w-   c:\winnt\PCTBDCore.dll
                  2010-09-04 19:10 . 2009-10-28 05:36   1152444   ----a-w-   c:\winnt\UDB.zip
                  2010-09-04 19:08 . 2010-02-05 13:17   233136   ----a-w-   c:\winnt\system32\drivers\pctgntdi.sys
                  2010-09-04 19:08 . 2010-03-10 15:36   217032   ----a-w-   c:\winnt\system32\drivers\PCTCore.sys
                  2010-09-04 19:08 . 2009-11-23 17:54   88040   ----a-w-   c:\winnt\system32\drivers\PCTAppEvent.sys
                  2010-09-04 19:08 . 2010-02-05 13:25   70408   ----a-w-   c:\winnt\system32\drivers\pctplsg.sys
                  2010-09-04 19:08 . 2010-09-04 19:10   --------   d-----w-   c:\program files\Spyware Doctor
                  2010-09-04 19:08 . 2010-09-04 19:08   --------   d-----w-   c:\program files\Common Files\PC Tools
                  2010-09-04 19:08 . 2010-09-04 19:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                  2010-09-04 19:08 . 2010-09-04 19:08   --------   d-----w-   c:\documents and settings\admin\Application Data\PC Tools
                  2010-09-04 19:08 . 2010-09-16 09:30   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                  2010-09-04 19:01 . 2010-09-04 19:01   1870496   ----a-w-   c:\temp\HousecallLauncher(2).exe
                  2010-09-04 18:58 . 2010-09-04 18:58   1870496   ----a-w-   c:\temp\HousecallLauncher.exe
                  2010-09-04 18:01 . 2010-09-16 10:15   --------   d-s---w-   c:\documents and settings\Rathe\Temporary Internet Files
                  2010-09-04 18:01 . 2010-09-04 18:01   --------   d-s---w-   c:\documents and settings\Rathe\History
                  2010-08-30 14:18 . 2010-09-15 09:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2010-08-30 14:18 . 2010-04-29 19:39   20952   ----a-w-   c:\winnt\system32\drivers\mbam.sys
                  2010-08-30 13:58 . 2010-08-30 13:58   6153376   ----a-w-   c:\temp\mbam-setup(2).exe
                  2010-08-30 13:47 . 2010-08-30 13:47   --------   d-----w-   c:\documents and settings\Rathe\Application Data\Malwarebytes
                  2010-08-30 13:46 . 2010-08-30 13:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                  2010-08-30 13:45 . 2010-08-30 13:45   6153376   ----a-w-   c:\temp\mbam-setup.exe
                  2010-08-27 06:46 . 2010-08-27 06:46   --------   d-----w-   c:\documents and settings\admin\Application Data\Neoteris
                  2010-08-27 06:29 . 2010-08-27 06:29   --------   d-sh--w-   c:\documents and settings\All Users\Application Data\MSWPABXS
                  2010-08-27 06:28 . 2010-08-27 07:42   --------   d-sh--w-   c:\documents and settings\All Users\Application Data\6065b69
                  2010-08-27 06:16 . 2010-08-27 06:16   79360   --sha-r-   c:\winnt\system32\hlp95enl.dll
                  2010-08-17 13:17 . 2010-08-17 13:17   58880   ------w-   c:\winnt\system32\dllcache\spoolsv.exe

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2010-09-16 09:47 . 2003-10-07 14:43   --------   d-----w-   c:\program files\Common Files\Java
                  2010-09-16 09:47 . 2010-09-16 09:47   61440   ----a-w-   c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d1c369c-n\decora-sse.dll
                  2010-09-16 09:47 . 2010-09-16 09:47   503808   ----a-w-   c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\msvcp71.dll
                  2010-09-16 09:47 . 2010-09-16 09:47   499712   ----a-w-   c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\jmc.dll
                  2010-09-16 09:47 . 2010-09-16 09:47   348160   ----a-w-   c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2b2b5d97-n\msvcr71.dll
                  2010-09-16 09:47 . 2010-09-16 09:47   12800   ----a-w-   c:\documents and settings\Rathe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d1c369c-n\decora-d3d.dll
                  2010-09-16 09:47 . 2003-10-07 14:43   --------   d-----w-   c:\program files\Java
                  2010-09-16 07:21 . 2004-02-17 15:17   288   ----a-w-   c:\winnt\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
                  2010-09-16 07:21 . 2004-02-17 15:17   288   ----a-w-   c:\winnt\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
                  2010-09-16 02:03 . 2004-03-12 21:26   --------   d-----w-   c:\program files\Common Files\Adobe
                  2010-09-15 03:01 . 2010-09-15 03:01   63488   ----a-w-   c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                  2010-09-15 03:01 . 2010-09-15 03:01   52224   ----a-w-   c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                  2010-09-15 03:01 . 2010-09-15 03:01   117760   ----a-w-   c:\documents and settings\Rathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                  2010-09-14 14:31 . 2010-09-14 14:31   388096   ----a-r-   c:\documents and settings\Rathe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                  2010-09-04 18:36 . 2009-08-12 23:48   --------   d-----w-   c:\program files\Max Registry Cleaner
                  2010-09-04 18:36 . 2004-02-25 03:03   --------   d-----w-   c:\program files\Program Shortcuts
                  2010-09-04 18:16 . 2009-08-12 23:48   123   ----a-w-   c:\documents and settings\All Users\Application Data\Max Secure\Max Registry Cleaner\SYSRegC.dll
                  2010-09-01 19:52 . 2010-09-16 01:52   35136   ----a-w-   c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
                  2010-09-01 19:52 . 2010-09-16 01:52   32032   ----a-w-   c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
                  2010-08-31 22:22 . 2009-08-27 17:19   1102336   ----a-w-   c:\winnt\system32\CheckDll.dll
                  2010-08-27 06:53 . 2009-10-14 00:00   --------   d-----w-   c:\program files\Max Spyware Detector
                  2010-08-25 16:11 . 2009-06-05 11:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Juniper Networks
                  2010-08-17 13:17 . 1980-01-01 06:00   58880   ----a-w-   c:\winnt\system32\spoolsv.exe
                  2010-08-13 13:13 . 2010-08-27 21:32   66112   ----a-w-   c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper_3004.dll
                  2010-08-13 13:13 . 2010-08-27 21:32   35136   ----a-w-   c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
                  2010-08-13 13:13 . 2010-08-27 21:32   328080   ----a-w-   c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
                  2010-08-13 13:13 . 2010-08-27 21:32   32032   ----a-w-   c:\documents and settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
                  2010-07-22 15:49 . 2004-06-21 01:00   590848   ----a-w-   c:\winnt\system32\rpcrt4.dll
                  2010-07-22 05:57 . 2009-04-15 12:43   5120   ----a-w-   c:\winnt\system32\xpsp4res.dll
                  2010-06-30 12:31 . 1980-01-01 06:00   149504   ----a-w-   c:\winnt\system32\schannel.dll
                  2010-06-24 12:10 . 2004-12-07 21:37   667136   ----a-w-   c:\winnt\system32\wininet.dll
                  2010-06-24 12:10 . 2004-08-04 07:56   81920   ------w-   c:\winnt\system32\ieencode.dll
                  2010-06-23 13:44 . 1980-01-01 06:00   1851904   ----a-w-   c:\winnt\system32\win32k.sys
                  2010-06-21 15:27 . 1980-01-01 06:00   354304   ----a-w-   c:\winnt\system32\drivers\srv.sys
                  2010-06-18 17:45 . 1980-01-01 06:00   293376   ----a-w-   c:\winnt\system32\winsrv.dll
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTHelper"="CTHELPER.EXE" [2003-01-21 28672]
                  "NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2003-11-17 3022848]
                  "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-23 615696]
                  "RCAutoLiveUpdate"="c:\program files\Max Registry Cleaner\MaxLURC.exe" [2010-02-12 761800]
                  "RCSystemTray"="c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe" [2010-02-12 651208]
                  "SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
                  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
                  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
                  "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
                  2005-01-04 19:17   1937408   ------w-   c:\program files\Ahead\Nero BackItUp\NBJ.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  2001-07-09 15:50   155648   ----a-w-   c:\winnt\system32\NeroCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
                  2004-11-12 01:50   212992   ----a-w-   c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "InCDsrv"=2 (0x2)

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
                  "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                  "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                  "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                  "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                  "c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                  "c:\\Program Files\\iTunes\\iTunes.exe"=

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

                  R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [9/4/2010 3:08 PM 217032]
                  R1 Neofltr;Neoteris TDI Filter - Layered Version;c:\winnt\system32\drivers\NEOFLTR.sys [8/13/2004 11:19 PM 50349]
                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                  R1 SDManager;SDManager;c:\program files\Max Spyware Detector\SDManager.sys [10/13/2009 8:00 PM 25520]
                  R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/4/2010 3:10 PM 112592]
                  S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [9/15/2010 5:23 AM 38224]
                  S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\winnt\System32\svchost.exe -k nosGetPlusHelper [1/1/1980 2:00 AM 14336]
                  S3 scsiscan;SCSI Scanner Driver;c:\winnt\system32\drivers\scsiscan.sys [3/13/2004 5:58 PM 11520]

                  --- Other Services/Drivers In Memory ---

                  *NewlyCreated* - JAVAQUICKSTARTERSERVICE

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2010-09-15 c:\winnt\Tasks\AppleSoftwareUpdate.job
                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

                  2004-02-26 c:\winnt\Tasks\ISP signup reminder 1.job
                  - c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]

                  2004-03-05 c:\winnt\Tasks\ISP signup reminder 2.job
                  - c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]

                  2004-02-25 c:\winnt\Tasks\ISP signup reminder 3.job
                  - c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  mStart Page = hxxp://www.gateway.net
                  uInternet Connection Wizard,ShellNext = hxxp://housecall.trendmicro.com/
                  LSP: c:\program files\Neoteris\Secure Application Manager\gapsp.dll
                  DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
                  FF - ProfilePath - c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\
                  FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
                  FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
                  FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
                  FF - plugin: c:\documents and settings\Rathe\Application Data\Mozilla\Firefox\Profiles\default.qqv\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
                  FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
                  FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
                  FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
                  .
                  - - - - ORPHANS REMOVED - - - -

                  HKLM-Run-POINTER - point32.exe
                  Notify-SDNotify - c:\program files\Max Spyware Detector\SDNotify.dll
                  MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
                  AddRemove-4AF3F682-FE2A-488D-A11C-A0470A325E93 - c:\program files\WildTangent\Apps\GameChannel\Games\4AF3F682-FE2A-488D-A11C-A0470A325E93\Uninstall.exe
                  AddRemove-5A137FCB-35EA-4849-8239-AFEBD2F45B3B - c:\program files\WildTangent\Apps\GameChannel\Games\5A137FCB-35EA-4849-8239-AFEBD2F45B3B\Uninstall.exe
                  AddRemove-618CD711-AFB3-4EB4-9B48-ABD2AB370B21 - c:\program files\WildTangent\Apps\GameChannel\Games\618CD711-AFB3-4EB4-9B48-ABD2AB370B21\Uninstall.exe
                  AddRemove-70216ACD-1547-44E5-8966-615BE9569EAD - c:\program files\WildTangent\Apps\GameChannel\Games\70216ACD-1547-44E5-8966-615BE9569EAD\Uninstall.exe
                  AddRemove-97D31CB6-F2B5-4875-B6B0-8AF75AC414DB - c:\program files\WildTangent\Apps\GameChannel\Games\97D31CB6-F2B5-4875-B6B0-8AF75AC414DB\Uninstall.exe
                  AddRemove-A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24 - c:\program files\WildTangent\Apps\GameChannel\Games\A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24\Uninstall.exe
                  AddRemove-AA4162B8-1BB1-4110-8F93-0092D4DEF122 - c:\program files\WildTangent\Apps\GameChannel\Games\AA4162B8-1BB1-4110-8F93-0092D4DEF122\Uninstall.exe
                  AddRemove-ADFCE1E4-A420-437C-998D-EAF04E3601BE - c:\program files\WildTangent\Apps\GameChannel\Games\ADFCE1E4-A420-437C-998D-EAF04E3601BE\Uninstall.exe
                  AddRemove-BECB8A74-E07D-44A1-813D-1E390EB3047B - c:\program files\WildTangent\Apps\GameChannel\Games\BECB8A74-E07D-44A1-813D-1E390EB3047B\Uninstall.exe
                  AddRemove-C4D2212B-5331-470D-9BF7-96DB25A398C7 - c:\program files\WildTangent\Apps\GameChannel\Games\C4D2212B-5331-470D-9BF7-96DB25A398C7\Uninstall.exe
                  AddRemove-Creative Driver - c:\winnt\System32\ctdrvins
                  AddRemove-UnrealTournament - c:\unrealtournament\System\Setup.exe



                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2010-09-16 06:15
                  Windows 5.1.2600 Service Pack 3 NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                  @DACL=(02 0000)
                  "Installed"="1"

                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                  @DACL=(02 0000)
                  "Installed"="1"
                  "NoChange"="1"

                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                  @DACL=(02 0000)
                  "Installed"="1"
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  - - - - - - - > 'winlogon.exe'(756)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                  - - - - - - - > 'lsass.exe'(812)
                  c:\program files\Neoteris\Secure Application Manager\gapsp.dll
                  .
                  Completion time: 2010-09-16  06:21:23
                  ComboFix-quarantined-files.txt  2010-09-16 10:21

                  Pre-Run: 49,376,104,448 bytes free
                  Post-Run: 50,765,930,496 bytes free

                  WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                  [boot loader]
                  timeout=2
                  default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
                  [operating systems]
                  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                  UnsupportedDebug="do not select this" /debug
                  multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

                  - - End Of File - - D0551782B2E09ABB9D7F2F6E981D5CE9

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: how do I remove a virus/spyware
                  « Reply #12 on: September 16, 2010, 04:39:45 PM »
                  Quote
                  but still can't install reader.  Where do I go from here? Thanks again.
                  Please remind me to deal with this later.

                  Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

                  There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry. (Max Registry Cleaner)

                  For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                  Further reading: XP Fixes Myth #1: Registry Cleaners

                  *****************************************
                  * Download the following tool: RootRepeal - Rootkit Detector
                  * Direct download link is here: RootRepeal.zip

                  * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                  * Click this link to see a list of such programs and how to disable them.

                  * Extract the program file to a new folder such as C:\RootRepeal
                  * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                  * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                  * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                  * When done, click on Save Report
                  * Save it to the same location where you ran it from, such as C:RootRepeal
                  * Save it as rootrepeal.txt
                  * Then open that log and select all and copy/paste it back on your next reply please.
                  * Close RootRepeal.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  smootr9

                    Topic Starter


                    Rookie

                    Re: how do I remove a virus/spyware
                    « Reply #13 on: September 16, 2010, 05:17:28 PM »
                    here is the root repeal log. I think we are getting somewhere it will finally let me open my antivirus software, still can't get adobe reader but I'm sure that will come later. Thanks.

                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2010/09/16 19:27
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows XP SP3
                    ==================================================

                    Drivers
                    -------------------
                    Name: catchme.sys
                    Image Path: C:\WINNT\TEMP\catchme.sys
                    Address: 0xF60FE000   Size: 31744   File Visible: No   Signed: -
                    Status: -

                    Name: dump_atapi.sys
                    Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
                    Address: 0xF60A6000   Size: 98304   File Visible: No   Signed: -
                    Status: -

                    Name: dump_WMILIB.SYS
                    Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
                    Address: 0xF8B1F000   Size: 8192   File Visible: No   Signed: -
                    Status: -

                    Name: mbr.sys
                    Image Path: C:\WINNT\TEMP\mbr.sys
                    Address: 0xF8947000   Size: 20864   File Visible: No   Signed: -
                    Status: -

                    Name: PROCEXP113.SYS
                    Image Path: C:\WINNT\system32\Drivers\PROCEXP113.SYS
                    Address: 0xF8AD1000   Size: 7872   File Visible: No   Signed: -
                    Status: -

                    Name: rootrepeal.sys
                    Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
                    Address: 0xF6368000   Size: 49152   File Visible: No   Signed: -
                    Status: -

                    Hidden/Locked Files
                    -------------------
                    Path: C:\hiberfil.sys
                    Status: Locked to the Windows API!

                    Path: C:\Documents and Settings\Junior\Application Data\Mozilla\Firefox\Profiles\default.l6z\bookmarkbackups\bookmarks-2010-08-26.json
                    Status: Visible to the Windows API, but not on disk.

                    ==EOF==

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: how do I remove a virus/spyware
                    « Reply #14 on: September 17, 2010, 12:04:38 PM »
                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                    Windows 8 and Windows 10 dual boot with two SSD's