Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"VirTool:INF/Autorun.gen!F"


  • Please log in to reply
14 replies to this topic

#1 Fixing1

Fixing1

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 21 October 2012 - 12:11 AM

I have a file open with the same topic headline. I have 2 computers and I ran all the scan that I was advised to run on my other computer on this one because I had the same computer.

Should I show the results?

http://www.bleepingcomputer.com/forums/topic471844.html/page__p__2872205__hl__autorun__fromsearch__1#entry2872205

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 21 October 2012 - 04:49 AM

Hello -
You can follow these instructions first to see if you have the same infections as your other computer -
First -
Please download MiniToolBox, Save it to your desktop and run it.

Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
List devices (Problem only)
•List Users, Partitions and Memory size.
•List Minidump Files
Click Go and copy / paste the result (Result.txt).

Next -
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Next -
Download Malwarebytes Anti-Malware Free - Update and run a Quick scan.
Post the log back here -

Next -
Download SuperantiSpyware Free - Update and run a Quick scan.
Post the log back here -

Next -
Click on the following link to open ESET OnlineScan
You will be prompted to disable any antivirus programs for this to run - Download ESET online Scanner this will take a while to load the base program and then the updated definitions
Post the results back here -

Next -
Download Adware Cleaner run it as admin Click the delete button allow it to run and post the log it creates.
AdWare Cleaner

Thank You -
Edited to change scan order -

Edited by noknojon, 21 October 2012 - 04:50 AM.


#3 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 21 October 2012 - 06:16 PM

C:\doctemp\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Users\Jay\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Jay\AppData\Local\Temp\BDC62E2D-BAB0-7891-AC48-C6D4CED090FF\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2012 at 11:55 PM

Application Version : 5.6.1010

Core Rules Database Version : 9402
Trace Rules Database Version: 7214

Scan type : Quick Scan
Total Scan Time : 00:17:47

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 801
Memory threats detected : 0
Registry items scanned : 30636
Registry threats detected : 116
File items scanned : 11257
File threats detected : 229

PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2228953216-2475306572-2080351113-1002\SOFTWARE\FunWebProducts
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version

Adware.Tracking Cookie
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@acronymfinder[1].txt [ /acronymfinder ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ad.adsplashmedia[1].txt [ /ad.adsplashmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@adfarm1.adition[2].txt [ /adfarm1.adition ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.cnn[2].txt [ /ads.cnn ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.gtsads[1].txt [ /ads.gtsads ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.mediamayhemcorp[2].txt [ /ads.mediamayhemcorp ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.networldmedia[2].txt [ /ads.networldmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.soft32[2].txt [ /ads.soft32 ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.sun[2].txt [ /ads.sun ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@ads.us.e-planning[1].txt [ /ads.us.e-planning ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@adultrental[1].txt [ /adultrental ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@advertising[2].txt [ /advertising ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@analytics.rogersmedia[1].txt [ /analytics.rogersmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@apmebf[1].txt [ /apmebf ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@atdmt[2].txt [ /atdmt ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@bell-banners.sun2.lightsurf[2].txt [ /bell-banners.sun2.lightsurf ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@bellcan.adbureau[2].txt [ /bellcan.adbureau ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@bookfinder[2].txt [ /bookfinder ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@bs.serving-sys[2].txt [ /bs.serving-sys ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@businessexchange[2].txt [ /businessexchange ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@caselaw.lp.findlaw[1].txt [ /caselaw.lp.findlaw ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@clickpass[1].txt [ /clickpass ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@countercentral[1].txt [ /countercentral ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@doubleclick[2].txt [ /doubleclick ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@eas.apm.emediate[1].txt [ /eas.apm.emediate ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@findapro[2].txt [ /findapro ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@findlaw[2].txt [ /findlaw ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@hdwarez[1].txt [ /hdwarez ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@hornymatches[1].txt [ /hornymatches ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@incentaclick[2].txt [ /incentaclick ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@insightcommunity[2].txt [ /insightcommunity ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@invitemedia[2].txt [ /invitemedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@media.zoominfo[1].txt [ /media.zoominfo ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@media6degrees[1].txt [ /media6degrees ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@mediaplex[2].txt [ /mediaplex ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@offers.easyoffertracking[1].txt [ /offers.easyoffertracking ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@order.softwarez-depot[1].txt [ /order.softwarez-depot ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@partners.tattomedia[2].txt [ /partners.tattomedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@questionmarket[2].txt [ /questionmarket ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@revenue.virtualcountries[2].txt [ /revenue.virtualcountries ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@revenuetoday[1].txt [ /revenuetoday ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@richmedia.yahoo[1].txt [ /richmedia.yahoo ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@rogersmedia[1].txt [ /rogersmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@server.iad.liveperson[3].txt [ /server.iad.liveperson ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@serving-sys[2].txt [ /serving-sys ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@sex-tube20008[1].txt [ /sex-tube20008 ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@sex-tube20008[2].txt [ /sex-tube20008 ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@sexxc2k.spaces.live[2].txt [ /sexxc2k.spaces.live ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@sexyescortads[2].txt [ /sexyescortads ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@socialmedia[2].txt [ /socialmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@stats-link-canada[2].txt [ /stats-link-canada ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@stats.cbc[1].txt [ /stats.cbc ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@stats.manticoretechnology[1].txt [ /stats.manticoretechnology ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@stats.sympatico.msn[2].txt [ /stats.sympatico.msn ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@super.kitnmedia[1].txt [ /super.kitnmedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@technoratimedia[1].txt [ /technoratimedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@teen-culture.suite101[2].txt [ /teen-culture.suite101 ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@trackalyzer[1].txt [ /trackalyzer ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@tracking.foundry42[2].txt [ /tracking.foundry42 ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@urlaltfarm--mediaplex--com.rtrk[1].txt [ /urlaltfarm--mediaplex--com.rtrk ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@urlview--atdmt--com.rtrk[2].txt [ /urlview--atdmt--com.rtrk ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@usenext[1].txt [ /usenext ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@webtrends.moxymedia[1].txt [ /webtrends.moxymedia ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.businessexchange[2].txt [ /www.businessexchange ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.hdwarez[2].txt [ /www.hdwarez ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.hornymatches[1].txt [ /www.hornymatches ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.incentaclick[1].txt [ /www.incentaclick ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.inteletrack[2].txt [ /www.inteletrack ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.visitor-track[1].txt [ /www.visitor-track ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.xxxblackbook[2].txt [ /www.xxxblackbook ]
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Cookies\jay@xxxblackbook[2].txt [ /xxxblackbook ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\jay@www.dennisparadis[2].txt [ Cookie:jay@www.dennisparadis.com/Util/Stats.ashx ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\jay@digitalpoint[1].txt [ Cookie:jay@digitalpoint.com/ads/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@adlegend[2].txt [ Cookie:jay@adlegend.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@www.burstnet[1].txt [ Cookie:jay@www.burstnet.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@interclick[3].txt [ Cookie:jay@interclick.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@tribalfusion[3].txt [ Cookie:jay@tribalfusion.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@dmtracker[3].txt [ Cookie:jay@dmtracker.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@canoe.112.2o7[3].txt [ Cookie:jay@canoe.112.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@bellcan.adbureau[4].txt [ Cookie:jay@bellcan.adbureau.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@bs.serving-sys[4].txt [ Cookie:jay@bs.serving-sys.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@statse.webtrendslive[3].txt [ Cookie:jay@statse.webtrendslive.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@adinterax[1].txt [ Cookie:jay@adinterax.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@invitemedia[5].txt [ Cookie:jay@invitemedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@network-ca.247realmedia[2].txt [ Cookie:jay@network-ca.247realmedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@247realmedia[4].txt [ Cookie:jay@247realmedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@adbrite[4].txt [ Cookie:jay@adbrite.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@fastclick[2].txt [ Cookie:jay@fastclick.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@citi.bridgetrack[2].txt [ Cookie:jay@citi.bridgetrack.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@CALVIAJI.txt [ Cookie:jay@google.com/accounts/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@giftscom.122.2o7[1].txt [ Cookie:jay@giftscom.122.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@casalemedia[5].txt [ Cookie:jay@casalemedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@richmedia.yahoo[3].txt [ Cookie:jay@richmedia.yahoo.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@hitbox[1].txt [ Cookie:jay@hitbox.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@a1.interclick[2].txt [ Cookie:jay@a1.interclick.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@msnportal.112.2o7[3].txt [ Cookie:jay@msnportal.112.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@advertising[4].txt [ Cookie:jay@advertising.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@atdmt[1].txt [ Cookie:jay@atdmt.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@vitamine.networldmedia[3].txt [ Cookie:jay@vitamine.networldmedia.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@at.atwola[4].txt [ Cookie:jay@at.atwola.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@ru4[2].txt [ Cookie:jay@ru4.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@shared.rogersmedia[2].txt [ Cookie:jay@shared.rogersmedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@user.lucidmedia[1].txt [ Cookie:jay@user.lucidmedia.com/clicksense/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@2o7[4].txt [ Cookie:jay@2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@zedo[4].txt [ Cookie:jay@zedo.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@adserver.adtechus[4].txt [ Cookie:jay@adserver.adtechus.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@revsci[3].txt [ Cookie:jay@revsci.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@insightexpressai[1].txt [ Cookie:jay@insightexpressai.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@bluestreak[1].txt [ Cookie:jay@bluestreak.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@chitika[5].txt [ Cookie:jay@chitika.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@collective-media[3].txt [ Cookie:jay@collective-media.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@sdabocconi.solution.weborama[2].txt [ Cookie:jay@sdabocconi.solution.weborama.fr/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@sympatico.112.2o7[3].txt [ Cookie:jay@sympatico.112.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@ehg-techtarget.hitbox[2].txt [ Cookie:jay@ehg-techtarget.hitbox.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@entrepreneurship[1].txt [ Cookie:jay@entrepreneurship.org/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@workopolis.122.2o7[2].txt [ Cookie:jay@workopolis.122.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@questionmarket[3].txt [ Cookie:jay@questionmarket.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@analytics.rogersmedia[2].txt [ Cookie:jay@analytics.rogersmedia.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@doubleclick[4].txt [ Cookie:jay@doubleclick.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@ad.yieldmanager[5].txt [ Cookie:jay@ad.yieldmanager.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@ads.pointroll[2].txt [ Cookie:jay@ads.pointroll.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@liveperson[1].txt [ Cookie:jay@liveperson.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@networldmedia[4].txt [ Cookie:jay@networldmedia.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@avgtechnologies.112.2o7[1].txt [ Cookie:jay@avgtechnologies.112.2o7.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@revenue[3].txt [ Cookie:jay@revenue.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@www.googleadservices[4].txt [ Cookie:jay@www.googleadservices.com/pagead/conversion/1062803939/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@kontera[3].txt [ Cookie:jay@kontera.com/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@www.google[5].txt [ Cookie:jay@www.google.com/support/accounts/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@specificclick[2].txt [ Cookie:jay@specificclick.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@pro-market[1].txt [ Cookie:jay@pro-market.net/ ]
C:\USERS\JAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\jay@smartadserver[1].txt [ Cookie:jay@smartadserver.com/ ]
C:\USERS\JAY\Cookies\jay@www.hdwarez[2].txt [ Cookie:jay@www.hdwarez.com/ ]
C:\USERS\JAY\Cookies\jay@xxxblackbook[2].txt [ Cookie:jay@xxxblackbook.com/ ]
C:\USERS\JAY\Cookies\jay@media.zoominfo[1].txt [ Cookie:jay@media.zoominfo.com/ ]
C:\USERS\JAY\Cookies\jay@bellcan.adbureau[2].txt [ Cookie:jay@bellcan.adbureau.net/ ]
C:\USERS\JAY\Cookies\jay@usenext[1].txt [ Cookie:jay@usenext.de/ ]
C:\USERS\JAY\Cookies\jay@www.dennisparadis[2].txt [ Cookie:jay@www.dennisparadis.com/Util/Stats.ashx ]
C:\USERS\JAY\Cookies\jay@www.inteletrack[2].txt [ Cookie:jay@www.inteletrack.com/ ]
C:\USERS\JAY\Cookies\jay@advertising[2].txt [ Cookie:jay@advertising.com/ ]
C:\USERS\JAY\Cookies\jay@atdmt[2].txt [ Cookie:jay@atdmt.com/ ]
C:\USERS\JAY\Cookies\jay@tracking.foundry42[2].txt [ Cookie:jay@tracking.foundry42.com/ ]
C:\USERS\JAY\Cookies\jay@socialmedia[2].txt [ Cookie:jay@socialmedia.com/ ]
C:\USERS\JAY\Cookies\jay@hdwarez[1].txt [ Cookie:jay@hdwarez.com/ ]
C:\USERS\JAY\Cookies\jay@sexxc2k.spaces.live[2].txt [ Cookie:jay@sexxc2k.spaces.live.com/ ]
C:\USERS\JAY\Cookies\jay@doubleclick[2].txt [ Cookie:jay@doubleclick.net/ ]
C:\USERS\JAY\Cookies\jay@ad.yieldmanager[2].txt [ Cookie:jay@ad.yieldmanager.com/ ]
C:\USERS\JAY\Cookies\jay@order.softwarez-depot[1].txt [ Cookie:jay@order.softwarez-depot.com/ ]
C:\USERS\JAY\Cookies\jay@media.mtvnservices[2].txt [ Cookie:jay@media.mtvnservices.com/ ]
C:\USERS\JAY\Cookies\jay@trackalyzer[1].txt [ Cookie:jay@trackalyzer.com/ ]
C:\USERS\JAY\Cookies\jay@revenuetoday[1].txt [ Cookie:jay@revenuetoday.com/ ]
C:\USERS\JAY\Cookies\jay@urlview--atdmt--com.rtrk[2].txt [ Cookie:jay@urlview--atdmt--com.rtrk.com/ ]
C:\USERS\JAY\Cookies\jay@www.xxxblackbook[2].txt [ Cookie:jay@www.xxxblackbook.com/ ]
C:\USERS\JAY\Cookies\jay@acronymfinder[1].txt [ Cookie:jay@acronymfinder.com/ ]
C:\USERS\JAY\Cookies\jay@findlaw[2].txt [ Cookie:jay@findlaw.com/ ]
C:\USERS\JAY\Cookies\jay@stats.sympatico.msn[2].txt [ Cookie:jay@stats.sympatico.msn.ca/ ]
C:\USERS\JAY\Cookies\jay@webtrends.moxymedia[1].txt [ Cookie:jay@webtrends.moxymedia.com/ ]
C:\USERS\JAY\Cookies\jay@partners.tattomedia[2].txt [ Cookie:jay@partners.tattomedia.com/ ]
C:\USERS\JAY\Cookies\jay@richmedia.yahoo[1].txt [ Cookie:jay@richmedia.yahoo.com/ ]
C:\USERS\JAY\Cookies\jay@incentaclick[2].txt [ Cookie:jay@incentaclick.com/ ]
C:\USERS\JAY\Cookies\jay@stats-link-canada[2].txt [ Cookie:jay@stats-link-canada.com/ ]
C:\USERS\JAY\Cookies\jay@www.businessexchange[2].txt [ Cookie:jay@www.businessexchange.ca/ ]
C:\USERS\JAY\Cookies\jay@ad.adsplashmedia[1].txt [ Cookie:jay@ad.adsplashmedia.com/ ]
C:\USERS\JAY\Cookies\jay@findapro[2].txt [ Cookie:jay@findapro.biz/ ]
C:\USERS\JAY\Cookies\jay@www.incentaclick[1].txt [ Cookie:jay@www.incentaclick.com/ ]
C:\USERS\JAY\Cookies\jay@offers.easyoffertracking[1].txt [ Cookie:jay@offers.easyoffertracking.com/ ]
C:\USERS\JAY\Cookies\jay@stats.cbc[1].txt [ Cookie:jay@stats.cbc.ca/ ]
C:\USERS\JAY\Cookies\jay@analytics.rogersmedia[1].txt [ Cookie:jay@analytics.rogersmedia.com/ ]
C:\USERS\JAY\Cookies\jay@adultrental[1].txt [ Cookie:jay@adultrental.com/ ]
C:\USERS\JAY\Cookies\jay@revenue.virtualcountries[2].txt [ Cookie:jay@revenue.virtualcountries.com/ ]
C:\USERS\JAY\Cookies\jay@urlaltfarm--mediaplex--com.rtrk[1].txt [ Cookie:jay@urlaltfarm--mediaplex--com.rtrk.com/ ]
C:\USERS\JAY\Cookies\jay@teen-culture.suite101[2].txt [ Cookie:jay@teen-culture.suite101.com/ ]
C:\USERS\JAY\Cookies\jay@bell-banners.sun2.lightsurf[2].txt [ Cookie:jay@bell-banners.sun2.lightsurf.net/ ]
C:\USERS\JAY\Cookies\jay@insightcommunity[2].txt [ Cookie:jay@insightcommunity.com/ ]
C:\USERS\JAY\Cookies\jay@technoratimedia[1].txt [ Cookie:jay@technoratimedia.com/ ]
C:\USERS\JAY\Cookies\jay@clickpass[1].txt [ Cookie:jay@clickpass.com/ ]
C:\USERS\JAY\Cookies\jay@questionmarket[2].txt [ Cookie:jay@questionmarket.com/ ]
C:\USERS\JAY\Cookies\jay@ads.mediamayhemcorp[2].txt [ Cookie:jay@ads.mediamayhemcorp.com/ ]
C:\USERS\JAY\Cookies\jay@sexyescortads[2].txt [ Cookie:jay@sexyescortads.com/ ]
C:\USERS\JAY\Cookies\jay@invitemedia[2].txt [ Cookie:jay@invitemedia.com/ ]
C:\USERS\JAY\Cookies\jay@www.visitor-track[1].txt [ Cookie:jay@www.visitor-track.com/ ]
C:\USERS\JAY\Cookies\jay@stats.manticoretechnology[1].txt [ Cookie:jay@stats.manticoretechnology.com/Data/254/2129/2C8EBF5A-1654-4C0B-BAC9-1D3CEDAEE8F8/ ]
C:\USERS\JAY\Cookies\jay@digitalpoint[1].txt [ Cookie:jay@digitalpoint.com/ads/ ]
C:\USERS\JAY\Cookies\jay@super.kitnmedia[1].txt [ Cookie:jay@super.kitnmedia.com/super/ ]
C:\USERS\JAY\Cookies\jay@bs.serving-sys[2].txt [ Cookie:jay@bs.serving-sys.com/ ]
C:\USERS\JAY\Cookies\jay@www.hornymatches[1].txt [ Cookie:jay@www.hornymatches.com/ ]
C:\USERS\TEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\test@tacoda.at.atwola[1].txt [ Cookie:test@tacoda.at.atwola.com/ ]
C:\USERS\TEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\test@imrworldwide[2].txt [ Cookie:test@imrworldwide.com/cgi-bin ]
C:\USERS\TEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\test@casalemedia[1].txt [ Cookie:test@casalemedia.com/ ]
C:\USERS\TEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\test@c1.atdmt[1].txt [ Cookie:test@c1.atdmt.com/ ]
.c.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sympatico.112.2o7.net [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\JAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


MiniToolBox by Farbar Version: 23-07-2012
Ran by Jay (administrator) on 20-10-2012 at 22:24:39
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jay-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-0E-21-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7041:ff29:b:533f%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October-20-12 10:00:27 PM
Lease Expires . . . . . . . . . . : October-30-12 10:00:28 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-15-C5-78-FE-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D0547E97-1249-4B73-9C43-412CB4E05BD3}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A98324B6-8782-4354-B255-DD6B7045C02A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4006:803::1003
74.125.226.65
74.125.226.66
74.125.226.67
74.125.226.68
74.125.226.69
74.125.226.70
74.125.226.71
74.125.226.72
74.125.226.73
74.125.226.78
74.125.226.64

Pinging google.com [74.125.226.64] with 32 bytes of data:Reply from 74.125.226.64: bytes=32 time=14ms TTL=56Reply from 74.125.226.64: bytes=32 time=13ms TTL=56Ping statistics for 74.125.226.64: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 13ms, Maximum = 14ms, Average = 13msServer: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=42ms TTL=49Reply from 98.139.183.24: bytes=32 time=41ms TTL=50Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 41ms, Maximum = 42ms, Average = 41msServer: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
10 ...00 13 e8 0e 21 6b ...... Intel® Wireless WiFi Link 4965AGN
9 ...00 15 c5 78 fe 9d ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
27 ...00 00 00 00 00 00 00 e0 isatap.{D0547E97-1249-4B73-9C43-412CB4E05BD3}
25 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
28 ...00 00 00 00 00 00 00 e0 isatap.{A98324B6-8782-4354-B255-DD6B7045C02A}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.102 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 296
192.168.1.102 255.255.255.255 On-link 192.168.1.102 296
192.168.1.255 255.255.255.255 On-link 192.168.1.102 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 296 fe80::/64 On-link
10 296 fe80::7041:ff29:b:533f/128
On-link
1 306 ff00::/8 On-link
10 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2012 10:10:52 PM) (Source: MsiInstaller) (User: Jay-PC)Jay-PC
Description: Product: Google Toolbar for Internet Explorer - Update '{A69176E2-1CFA-4677-B066-0C7D9D027558}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/20/2012 10:05:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2012 03:20:15 AM) (Source: MsiInstaller) (User: Jay-PC)Jay-PC
Description: Product: Google Toolbar for Internet Explorer - Update '{A69176E2-1CFA-4677-B066-0C7D9D027558}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/18/2012 02:30:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2012 01:33:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/16/2012 00:49:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE ALTERNATE START.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE REGISTRATION-ACTIVATION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE HELP.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE FREE EDITION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (10/20/2012 10:16:54 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (10/20/2012 10:16:53 PM) (Source: Service Control Manager) (User: )
Description: 30000Google Update Service (gupdate)

Error: (10/20/2012 10:16:43 PM) (Source: DCOM) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/20/2012 10:06:38 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (10/20/2012 10:00:24 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/20/2012 10:00:26 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 0013E80E216B has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (10/18/2012 10:50:46 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/18/2012 02:26:46 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/18/2012 01:31:11 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/18/2012 01:31:13 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 0013E80E216B has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (10/20/2012 10:10:52 PM) (Source: MsiInstaller)(User: Jay-PC)Jay-PC
Description: Google Toolbar for Internet Explorer{A69176E2-1CFA-4677-B066-0C7D9D027558}1625(NULL)(NULL)

Error: (10/20/2012 10:05:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2012 03:20:15 AM) (Source: MsiInstaller)(User: Jay-PC)Jay-PC
Description: Google Toolbar for Internet Explorer{A69176E2-1CFA-4677-B066-0C7D9D027558}1625(NULL)(NULL)

Error: (10/18/2012 02:30:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2012 01:33:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/16/2012 00:49:57 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE ALTERNATE START.LNK

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE REGISTRATION-ACTIVATION.LNK

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE HELP.LNK

Error: (10/15/2012 00:07:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPERANTISPYWARE\SUPERANTISPYWARE FREE EDITION.LNK


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Flash Player 9 ActiveX (Version: 9.0.115.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update (Version: 2.0.2.92)
ArcSoft PhotoImpression 4
Camera Driver
Civilization: Call To Power
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI (Version: 11.003.0000)
Corel Snapfire Plus (Version: 1.003.0000)
Creative MediaSource 5 (Version: 5.00)
Dell AIO 810
Dell System Customization Wizard (Version: 1.00.0000)
DellSupport (Version: 6.0.3030)
Digital Line Detect (Version: 1.21)
Dropbox (Version: 1.4.7)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax Solutions
GameSpy Comrade (Version: 1.4.3.154)
Google Chrome (Version: 22.0.1229.94)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.508
Intel® Graphics Media Accelerator Driver
iTunes (Version: 7.2.0.35)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
LimeWire PRO 4.12.3 (Version: 4.12.3)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
MediaDirect (Version: 4.7)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Digital Image Standard 2006 (Version: 11.0.0422)
Microsoft Digital Image Standard 2006 Editor (Version: 11.0.0422)
Microsoft Digital Image Standard 2006 Library (Version: 11.0.0422)
Microsoft Encarta Encyclopedia Standard 2006 (Version: 2006)
Microsoft Money 2006 (Version: 15)
Microsoft Office Accounting 2008 (Version: 3.0.8627.1)
Microsoft Office Accounting 2008 Equifax Addin (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 Fixed Asset Manager (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 PayPal Addin (Version: 3.0.8231.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Streets & Trips 2006 (Version: 13.00.09.0200)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works (Version: 08.05.0818)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft Works Suite 2006 Setup Launcher
Modem Diagnostic Tool (Version: 1.0.17.8)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.41)
OpenOffice.org 3.3 (Version: 3.3.9567)
OutlookAddinSetup (Version: 1.0.0)
Perfect Uninstaller v6.3.3.9
PerfectDisk (Version: 8.00.068)
QuickSet (Version: 7.2.11)
QuickTime (Version: 7.1.6.200)
RealPlayer
Rhapsody Player Engine (Version: 1.0.604)
Rogers Online Protection (Version: 7.0.28)
Rogers Servicepoint Agent 2.0.21 (Version: 2.0.21)
Rogers Yahoo! Applications
Rogers Yahoo! Music Jukebox (Version: 2.2.1.035)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
RPS Ad Blocker (Version: 7.0.28)
RPS AntiFraud (Version: 7.0.28)
RPS AntiSpyware (Version: 7.0.28)
RPS AntiVirus (Version: 7.0.28)
RPS App Detector (Version: 7.0.28)
RPS Backup (Version: 7.0.28)
RPS Burn (Version: 7.0.28)
RPS CRT (Version: 7.0.28)
RPS Diagnostic Utility (Version: 7.0.28)
RPS Firewall (Version: 7.0.28)
RPS Ksdk (Version: 7.0.28)
RPS ParentalControl (Version: 7.0.28)
RPS Performance Tool (Version: 7.0.28)
RPS PopupBlocker (Version: 7.0.28)
RPS Privacy Manager (Version: 7.0.28)
RPS RpsCore (Version: 7.0.28)
RPS Security Cleanup (Version: 7.0.28)
RPS Zip (Version: 7.0.28)
RTC Client API v1.2 (Version: 1.2.0000)
SAM 2003 (Version: 3.1.6601)
Sid Meier's Civilization 4 Gold (Version: 1.72)
SigmaTel Audio (Version: 5.10.5102.0)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Sonic Activation Module (Version: 1.0)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
SUPERAntiSpyware (Version: 5.6.1010)
Symantec Technical Support Web Controls (Version: 3.4.0)
Synaptics Pointing Device Driver (Version: 9.0.1.3)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update Manager (remove only)
User's Guides
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Works Upgrade (Version: 8.0.0.0000)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows is removing this device. (Code 21)
Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view.
If that does not resolve the problem, restart your computer.


========================= Memory info: ===================================

Percentage of memory in use: 76%
Total physical RAM: 2037.71 MB
Available physical RAM: 478.26 MB
Total Pagefile: 4314.45 MB
Available Pagefile: 2230.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.03 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:99.74 GB) (Free:16.64 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.36 GB) NTFS
3 Drive e: (NEW) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\JAY-PC

Administrator ASPNET Guest
Jay Test


**** End of log ****


Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1504, Date: 2012/10/17 09:14:10, Variants: 19069384
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 19:00:00, Variants: 0

Operating System: Windows Vista Service Pack 1

Switches: /iagree /cleanrootkit /nosb

Scan started: 2012/10/18 03:13:50

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 2830
Number of objects scanned: 2830
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 3m 54s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\Boot\BCD: Error opening file for read: 0x00000020
C:\Boot\BCD.LOG: Error opening file for read: 0x00000020
C:\Program Files\Common Files\aol\acs\uninst.exe: File infected with win32:winpe/Smalltroj.RWUG
Delete file: C:\Program Files\Common Files\aol\acs\uninst.exe
Cleaning successful
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf: Error opening file for read: 0x00000020

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.67: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.7E: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.87: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.80: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.A0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.VE0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.VE1: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-66E8DCF2D7762F6AF1BB875A03A85FCCCD7A4C34.bin.VF: Error opening file for read: 0x00000020
C:\ProgramData\Rogers Online Protection\Rogers Online Protection\Logs\Firewall - Blocked Packets - 10-18-2012--02-31-56.log: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Cache\index: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Current Session: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Current Tabs: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Google\Chrome\User Data\lockfile: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Microsoft\Windows Defender\FileTracker\{0DDB19FC-9126-48B8-A9D1-F774CFAC211D}: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Temp\etilqs_4cEBTW6TE5vbuBH: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Temp\etilqs_7Q24osIc1ZXuaFu: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Temp\etilqs_v8qLI81dqx4dKqe: Error opening file for read: 0x00000020
C:\Users\Jay\AppData\Local\Temp\etilqs_zeeUVomRhgxtnmp: Error opening file for read: 0x00000020
C:\Users\Jay\ntuser.dat: Error opening file for read: 0x00000020
C:\Users\Jay\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Jay\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\SoftwareDistribution\EventCache\{D0E62C90-4339-45C2-A216-36220903C8FE}.bin: Error opening file for read: 0x00000020
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0: Error opening file for read: 0x00000020
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\components: Error opening file for read: 0x00000020
C:\Windows\System32\config\COMPONENTS.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\COMPONENTS.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\default: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\COMPONENTS: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\sam: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\security: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\software: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\system: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\drivers\fidbox.dat: Error opening file for read: 0x00000020
C:\Windows\System32\drivers\fidbox.idx: Error opening file for read: 0x00000020
C:\Windows\Temp\JETD91F.tmp: Error opening file for read: 0x00000020
C:\Windows\Temp\TMP0000005DB0CC21B5BA5B35CC: Error opening file for read: 0x00000020
C:\Windows\Temp\~ROMFN_00000B68: Error opening file for read: 0x00000020

Number of files found: 258990
Number of archives unpacked: 10679
Number of objects found: 847994
Number of objects scanned: 847907
Number of objects not scanned: 87
Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 1
Number of malicious files cleaned: 1
Scanning time: 6h 6m 27s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Results:
Total number of files found: 258990
Total number of archives unpacked: 10679
Total number of objects found: 850824
Total number of objects scanned: 850737
Total number of objects not scanned: 87
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 1
Total number of malicious files cleaned: 1
Total number of objects quarantined: 1
Total scanning time: 6h 10m 23s



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.14.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Jay :: JAY-PC [administrator]

14/10/2012 8:39:04 PM
mbam-log-2012-10-14 (20-39-04).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468937
Time elapsed: 2 hour(s), 19 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v2.005 - Logfile created 10/18/2012 at 02:20:19
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Jay - JAY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jay\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Jay\AppData\Local\Babylon
Folder Deleted : C:\Users\Jay\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Jay\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Jay\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Jay\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Jay\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Test\AppData\LocalLow\BabylonToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=8e4bdcc20000000000000013e80e216b --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=100478&babsrc=NT_ss&mntrId=8e4bdcc20000000000000013e80e216b --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\s4xfco0x.default\prefs.js

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=8e4b[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=NT_s[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=8e4bdcc2000000[...]

Profile name : default
File : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\khelybmr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5574 octets] - [18/10/2012 02:20:19]

########## EOF - C:\AdwCleaner[S1].txt - [5634 octets] ##########

#4 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 21 October 2012 - 06:19 PM

I don't know what happen to the ESET scan.

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 21 October 2012 - 07:51 PM

How can I view the ESET Online Scanner log file?
The ESET Online Scanner saves a log file after running.. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt".
You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

Where did this log come from ??
Norman Malware Cleaner v2.06.01 - Copyright © 1990 - 2012, Norman ASA.

Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

The Babylon, Viewpoint, FunWebProducts, MyWebSearch, all needed removal, and are now gone.

Download Rogue killer
Right click on it and select run as administrator
Now,click on HOSTS FIX option on right side
A log should get generated after the fix ,post the log here

Is the system any better -

Edited by noknojon, 21 October 2012 - 07:53 PM.


#6 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 22 October 2012 - 12:57 PM

I scan with ESET again because I couldn't find the log. When I scanned the second time it didn't give a report but there were no infected files.

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Rogers Online Protection Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
RPS AntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Rogers Online Protection Rogers Online Protection Fws.exe
Rogers Online Protection Rogers Servicepoint Agent RogersServicepointAgent.exe
Rogers Online Protection Rogers Online Protection RpsSecurityAwareR.exe
Rogers Online Protection Rogers Online Protection RPS.exe
Rogers Online Protection Rogers Online Protection Kav Bin\ScanningProcess.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Scan -- Date : 10/22/2012 13:37:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : BigDog303 (C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)) -> FOUND
[TASK][SUSP PATH] Norton Internet Security - Run Full System Scan - Jay : C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> FOUND
[TASK][SUSP PATH] {48D2B712-F43D-49E5-B3E6-BCBAD375730B} : C:\Windows\System32\pcalua.exe -a "C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13M3J44D\kazaa_setup[1].exe" -d C:\Users\Jay -> FOUND
[TASK][SUSP PATH] {A886313C-8E7F-46C8-B26B-4F853E4DAC96} : C:\Windows\System32\pcalua.exe -a "C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFX0XQCL\kazaa_setup[1].exe" -d C:\Users\Jay -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-75RST0 ATA Device +++++
--- User ---
[MBR] cc8f0b4b95fed0e6b0534db51f07ea31
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 102136 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 230244352 | Size: 2048 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



What should I do now? What about my other computer?

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 22 October 2012 - 03:34 PM

What should I do now? What about my other computer?


You have another topic running for the other computer so I can not comment on that one -
This computer seems infection free and only needs a few updates to be installed.

Go - Control Panel > Click on Java icon > Seecond tab is Update > Java™ 7 Update 9 is now current -
Uninstall older versions from Programs and Features -

Malwarebytes has been updated > Open the program > Click on Update and install the new updated version -

If you are not having any specific problems, that is about all I can do for now -

Thank You -



#8 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 25 October 2012 - 02:55 PM

Hi, when I ran Norman on this computer it found (:\Program Files\Common Files\aol\acs\uninst.exe: File infected with win32:winpe/Smalltroj.RWUG). Is this only specific to WinXP? Also, if I reformat my computer will this comback? One last thing about this virus why can't I find any information about this varient?

Edited by Fixing1, 25 October 2012 - 02:57 PM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 25 October 2012 - 06:00 PM

Hello -
Am I being asked to cross check on this computer, or your other computer, as I can not / will not, do both in the same topic -

\Program Files\Common Files\aol\acs\uninst.exe: File infected with win32:winpe/Smalltroj.RWUG (or a rough variation of it) seems to indicate that an install of XP was not Genuine (example being a BartsPE install), or the system has been corrupted in some way. See the (win32:winpe) notation, indicates a BartsPE type install -

Your system is Windows Vista SP1, and has never been updated to Vista SP2 ?? So why would you be asking if it was a XP infection only ??

First update to Vista SP2 as you have missed many important updates. Then check for all missing Windows Updates, and install all Express Updates, and do not install any Custom Updates as they are not required - Select Download updates, and let me choose when to Install them -
Install all updates 1 at a time, so your system is not overloaded with too many items -

Thank You -



#10 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 November 2012 - 10:56 PM

Sorry for not explaining. The Norman scan found W32/SuspiciousPE.F and when I did the same scan on my Vista it found win32:winpe/Smalltroj.RWUG. The Vista is compatible with XP. From the information that I was able to gather about the small troj it may not harm my vista but it can harm my XP.

Also, what is a BartsPE? Asfar as I know my stuff for both my computers is genuine! I would really like more information and I really thank you for your help.

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 07 November 2012 - 12:45 AM

Hello -
Yes I still have this topic on my wach list, as it was not resolved fully -

win32:winpe/Smalltroj.RWUG and W32/SuspiciousPE.F are not actually "closely related" from what I read,

Bart's Preinstalled Environment (BartPE) < < Just F.Y.I.

One last thing about this virus why can't I find any information about this varient? <<There is information available if you spend time looking for it, as we must -

The Vista is compatible with XP << They are not technically related - Vista is the first (bad) version of a Windows7, not last version of XP -
You must mean something else rather than you have actually stated, by the above line -

Do you have Vista SP2 installed now ?? If not, you are missing heaps of updates, since support for SP1 finished quite a while back -

#12 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 02 December 2012 - 12:59 PM

The answer to the first question about the virus' is that they may not be related other than the fact that they seem to be related to a bad installation. But both of these computers came with programs already installed so I don't understand the Bart's and how that applies here. There is a lot of information on these virus' yes but I can't find any specific information on the variants that these are. Meaning the exact ones which is new because everything else I have been hit with I have been able to find information on the exact type.

I have updated to SP 2. I'm not sure if my computer is moving slower now.

#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 02 December 2012 - 05:56 PM

Hi -
If you wish for deeper scans and other removal methods, I would say to start another post like the one you have with Oh My in Malware Removal.
As that topic is still running, I would ask about both computers and if the infection is related to similar downloads or can you combine them.

I can not ask for DDS or run ComboFix in this area of the forum, so some details of youe infections may still be vague (lack of logs).
We can only find if you are infected and if they are simple infections, in this area, get you to update programs and run basic removal tools -

Often this will remove your problems, but I am limited in asking for a lot more that the Experts can help with.
I hope you understand as this is the Am I Infected area and not Malware Removal area -

I can't find any specific information on the variants << Many companies call these by other names or use "general" terms for infections
win32:winpe/Smalltroj.RWUG may be often described as a variant of another infection by many diagnostic programs. Trojan.Agent/Gen-Downldr is a typical example
This can cover many variants of of the one infection that shows in one scan by a more specific name, or simply Smalltroj.Agent/Gen -

Please post in Malware Removal with the requested logs for a more detailed inspection / removal of your problems if they still exist.

Thank You -

#14 Fixing1

Fixing1
  • Topic Starter

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 02 December 2012 - 06:50 PM

Thank you for the reply.....You all do really good work here even if you couldn't help me directly here this is still better than doing it on my own. One last thing. One of those virus' I found using Norman and that log is on this page should I ask the person helping me to look back here or do we need to scan again and find it again?

#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:10 PM

Posted 02 December 2012 - 10:21 PM

Hi -
Mention it to Oh My and he will need new fresh DDS logs for computer #2 -
You may be asked to start a fresh topic and you can link back to here -

Copy / Paste this link http://www.bleepingcomputer.com/forums/topic472550.html/page__view__findpost__p__2874473

Regards -




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users