
Trojan 011817(squiggly line) 1.exe


29 replies to this topic

#1 Rick605

Rick605

  • Members
  • 355 posts
  • Gender:Male
  • Location:Connecticut
  • Local time:03:54 PM

Posted 25 January 2014 - 09:11 PM

When I restarted my computer, Trojan 011817(squiggly line) 1.exe showed up in the Windows Task Manager, as well as my firewall being off...twice.
 
I also noticed that my system restore is off and I don't recall ever shutting it off.
 
Does anyone know if I have a virus?

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs being included in the topic. Point of information for future reference, Squiggly Line is also known as a tilde. ~ Animal

 

 

Sorry for not including reports.....

 

Hopefully these will help...

 

Avira Free Antivirus
Report file date: Saturday, January 25, 2014  20:56


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Microsoft Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : RICKCOMPUTER

Version information:
BUILD.DAT       : 14.0.2.286     55547 Bytes   12/9/2013 11:37:00
AVSCAN.EXE      : 14.0.2.254   1032760 Bytes   1/22/2014 05:40:13
AVSCANRC.DLL    : 14.0.2.180     52280 Bytes   1/22/2014 05:40:17
LUKE.DLL        : 14.0.2.234     65592 Bytes   1/22/2014 05:51:43
AVSCPLR.DLL     : 14.0.2.254    124472 Bytes   1/22/2014 05:40:23
AVREG.DLL       : 14.0.2.212    250424 Bytes   1/22/2014 05:39:52
avlode.dll      : 14.0.2.254    540216 Bytes   1/22/2014 05:38:45
avlode.rdf      : 13.0.1.66      56973 Bytes   1/22/2014 06:00:12
VBASE000.VDF    : 7.11.70.0   66736640 Bytes    4/4/2013 05:11:25
VBASE001.VDF    : 7.11.74.226  2201600 Bytes   4/30/2013 05:12:24
VBASE002.VDF    : 7.11.80.60   2751488 Bytes   5/28/2013 05:13:33
VBASE003.VDF    : 7.11.85.214  2162688 Bytes   6/21/2013 05:14:29
VBASE004.VDF    : 7.11.91.176  3903488 Bytes   7/23/2013 05:16:06
VBASE005.VDF    : 7.11.98.186  6822912 Bytes   8/29/2013 05:18:53
VBASE006.VDF    : 7.11.103.230  2293248 Bytes   9/24/2013 05:19:52
VBASE007.VDF    : 7.11.116.38  5485568 Bytes  11/28/2013 05:22:07
VBASE008.VDF    : 7.11.126.50  3615744 Bytes   1/22/2014 17:02:33
VBASE009.VDF    : 7.11.126.51     2048 Bytes   1/22/2014 17:02:34
VBASE010.VDF    : 7.11.126.52     2048 Bytes   1/22/2014 17:02:34
VBASE011.VDF    : 7.11.126.53     2048 Bytes   1/22/2014 17:02:34
VBASE012.VDF    : 7.11.126.54     2048 Bytes   1/22/2014 17:02:34
VBASE013.VDF    : 7.11.126.55     2048 Bytes   1/22/2014 17:02:34
VBASE014.VDF    : 7.11.126.251   188928 Bytes   1/25/2014 17:02:36
VBASE015.VDF    : 7.11.126.252     2048 Bytes   1/25/2014 17:02:37
VBASE016.VDF    : 7.11.126.253     2048 Bytes   1/25/2014 17:02:37
VBASE017.VDF    : 7.11.126.254     2048 Bytes   1/25/2014 17:02:37
VBASE018.VDF    : 7.11.126.255     2048 Bytes   1/25/2014 17:02:37
VBASE019.VDF    : 7.11.127.0      2048 Bytes   1/25/2014 17:02:37
VBASE020.VDF    : 7.11.127.1      2048 Bytes   1/25/2014 17:02:37
VBASE021.VDF    : 7.11.127.2      2048 Bytes   1/25/2014 17:02:37
VBASE022.VDF    : 7.11.127.3      2048 Bytes   1/25/2014 17:02:38
VBASE023.VDF    : 7.11.127.4      2048 Bytes   1/25/2014 17:02:38
VBASE024.VDF    : 7.11.127.5      2048 Bytes   1/25/2014 17:02:38
VBASE025.VDF    : 7.11.127.6      2048 Bytes   1/25/2014 17:02:38
VBASE026.VDF    : 7.11.127.7      2048 Bytes   1/25/2014 17:02:38
VBASE027.VDF    : 7.11.127.8      2048 Bytes   1/25/2014 17:02:38
VBASE028.VDF    : 7.11.127.9      2048 Bytes   1/25/2014 17:02:38
VBASE029.VDF    : 7.11.127.10     2048 Bytes   1/25/2014 17:02:39
VBASE030.VDF    : 7.11.127.11     2048 Bytes   1/25/2014 17:02:39
VBASE031.VDF    : 7.11.127.54    72704 Bytes   1/25/2014 17:02:40
Engine version  : 8.2.12.180
AEVDF.DLL       : 8.1.3.4       102774 Bytes   1/22/2014 05:29:42
AESCRIPT.DLL    : 8.1.4.182     520574 Bytes   1/25/2014 17:03:21
AESCN.DLL       : 8.1.10.6      131447 Bytes   1/22/2014 05:29:26
AESBX.DLL       : 8.2.20.6     1331575 Bytes   1/22/2014 05:29:57
AERDL.DLL       : 8.2.0.138     704888 Bytes   1/22/2014 05:29:21
AEPACK.DLL      : 8.3.3.12      774521 Bytes   1/25/2014 17:03:19
AEOFFICE.DLL    : 8.1.2.76      205181 Bytes   1/22/2014 05:28:54
AEHEUR.DLL      : 8.1.4.882    6451578 Bytes   1/25/2014 17:03:13
AEHELP.DLL      : 8.1.27.10     266618 Bytes   1/22/2014 05:27:32
AEGEN.DLL       : 8.1.7.22      446839 Bytes   1/22/2014 05:27:19
AEEXP.DLL       : 8.4.1.176     418168 Bytes   1/25/2014 17:03:24
AEEMU.DLL       : 8.1.3.2       393587 Bytes   1/22/2014 05:27:04
AECORE.DLL      : 8.1.33.0      225657 Bytes   1/22/2014 05:26:40
AEBB.DLL        : 8.1.1.4        53619 Bytes   1/22/2014 05:26:25
AVWINLL.DLL     : 14.0.2.180     23608 Bytes   1/22/2014 04:38:38
AVPREF.DLL      : 14.0.2.180     48696 Bytes   1/22/2014 05:39:44
AVREP.DLL       : 14.0.2.180    175672 Bytes   1/22/2014 05:39:58
AVARKT.DLL      : 14.0.2.254    256056 Bytes   1/22/2014 05:34:58
AVEVTLOG.DLL    : 14.0.2.180    165944 Bytes   1/22/2014 05:36:03
SQLITE3.DLL     : 3.7.0.1       394808 Bytes   1/22/2014 05:55:41
AVSMTP.DLL      : 14.0.2.180     60472 Bytes   1/22/2014 05:41:00
NETNT.DLL       : 14.0.2.180     13368 Bytes   1/22/2014 05:52:23
RCIMAGE.DLL     : 14.0.2.180   4788792 Bytes   1/22/2014 04:39:06
RCTEXT.DLL      : 14.0.2.236     72760 Bytes   1/22/2014 04:39:10

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Saturday, January 25, 2014  20:56

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'rsmsink.exe' - '30' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '92' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '77' Module(s) have been scanned
Scan process 'plugin-container.exe' - '66' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'saui.exe' - '30' Module(s) have been scanned
Scan process 'WDRulesEngine.exe' - '60' Module(s) have been scanned
Scan process 'WDDriveService.exe' - '36' Module(s) have been scanned
Scan process 'plugin-container.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '81' Module(s) have been scanned
Scan process 'rundll32.exe' - '33' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '50' Module(s) have been scanned
Scan process 'firefox.exe' - '104' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'MDM.EXE' - '21' Module(s) have been scanned
Scan process 'mcsacore.exe' - '53' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '16' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '11' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'ehSched.exe' - '19' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '46' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'vntldr.exe' - '25' Module(s) have been scanned
Scan process 'apnmcp.exe' - '24' Module(s) have been scanned
Scan process 'avguard.exe' - '81' Module(s) have been scanned
Scan process 'WDSmartWare.exe' - '111' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '28' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '17' Module(s) have been scanned
Scan process 'msmsgs.exe' - '46' Module(s) have been scanned
Scan process 'winpatrol.exe' - '75' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '64' Module(s) have been scanned
Scan process 'issch.exe' - '11' Module(s) have been scanned
Scan process 'avgnt.exe' - '71' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'Explorer.EXE' - '124' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '71' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '66' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '4174' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Saturday, January 25, 2014  22:41
Used time:  1:44:43 Hour(s)

The scan has been done completely.

  14502 Scanned directories
 533613 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 533613 Files not concerned
  17653 Archives were scanned
      0 Warnings
      0 Notes
 725847 Objects were scanned with rootkit scan
      0 Hidden objects were found
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.25.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: RICKCOMPUTER [administrator]

1/25/2014 11:03:02 PM
mbam-log-2014-01-25 (23-03-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246531
Time elapsed: 17 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by Rick605, 25 January 2014 - 11:21 PM.



 


#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:54 PM

Posted 26 January 2014 - 02:59 PM

Hi Rick605
 
And welcome!

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

====

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe, choose Custom Install and uncheck the options to install Google Chrome or any offers for free toolbars if you do not want them.
  • After setup completes...Decline any Trial offers to upgrade to the Pro Version.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click System Tools & Program Settings, then click Preferences.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the Back button on the bottom, then click Home to return to the Main Menu.
  • Back on the Main Menu, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the Main Menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
    • Click the View Scan Logs button at the bottom.
    • This will open the Scanner Logs Window.
    • Click on the log to highlight it and then click on View Selected Log to open it.
    • Copy and paste the scan log results in your next reply.

====

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer
  • After the scan has finished...
  • click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

====

I'd like us to scan your machine with ESET OnlineScan

Note: You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Edited by DASOS, 26 January 2014 - 03:45 PM.


#3 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • Gender:Male
  • Location:Connecticut
  • Local time:03:54 PM

Posted 26 January 2014 - 04:13 PM

Farbar Service Scanner Version: 08-01-2014
Ran by HP_Administrator (administrator) on 26-01-2014 at 15:56:48
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/26/2014 03:59:21 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/26/2014 04:03:10 PM
Execution time: 0 hours(s), 3 minute(s), and 48 seconds(s)

 

I used Superantispyware when I went to bed last night and this is the log. I didn't use my computer much since then. Do you want me to run it again?

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2014 at 02:21 AM

Application Version : 5.7.1016

Core Rules Database Version : 11000
Trace Rules Database Version: 8812

Scan type       : Complete Scan
Total Scan Time : 02:47:03

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 576
Memory threats detected   : 0
Registry items scanned    : 40131
Registry threats detected : 0
File items scanned        : 135770
File threats detected     : 228

Adware.Tracking Cookie
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .adlegend.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    sv.liveclicker.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    c1.adform.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ad.mlnadvertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    spark.sparktrust.revenuewire.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    spark.sparktrust.revenuewire.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    spark.sparktrust.revenuewire.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .sparktrust.revenuewire.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    secure.uac.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8JJ4WM37.DEFAULT-1390419773306\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .clickbank.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .adtechus.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .adtechus.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    engine.350media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    engine.350media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    engine.350media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    engine.350media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    engine.350media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .cli.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\98K0ES70.DEFAULT-1390058392859\COOKIES.SQLITE ]
 

 

More to follow....

 

 

# AdwCleaner v3.017 - Report created 26/01/2014 at 16:15:27
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - RICKCOMPUTER
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8jj4wm37.default-1390419773306\prefs.js ]


[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\98k0es70.default-1390058392859\prefs.js ]

Line Deleted : user_pref("extensions.AVIRA-V7C.apn.tldcache", "{\"date\":1390419559390,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"ne[...]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [34172 octets] - [13/11/2013 17:13:27]
AdwCleaner[R1].txt - [10215 octets] - [14/11/2013 10:29:21]
AdwCleaner[R2].txt - [10587 octets] - [14/11/2013 10:33:41]
AdwCleaner[R3].txt - [11521 octets] - [14/11/2013 11:51:22]
AdwCleaner[R4].txt - [11510 octets] - [14/11/2013 12:09:51]
AdwCleaner[R5].txt - [10827 octets] - [14/11/2013 14:02:23]
AdwCleaner[R6].txt - [10431 octets] - [14/11/2013 15:42:31]
AdwCleaner[R7].txt - [2276 octets] - [24/12/2013 10:40:40]
AdwCleaner[R8].txt - [2649 octets] - [26/01/2014 16:13:46]
AdwCleaner[S0].txt - [34874 octets] - [13/11/2013 17:18:06]
AdwCleaner[S1].txt - [10899 octets] - [14/11/2013 10:38:28]
AdwCleaner[S2].txt - [11847 octets] - [14/11/2013 11:53:41]
AdwCleaner[S3].txt - [11811 octets] - [14/11/2013 12:12:02]
AdwCleaner[S4].txt - [11091 octets] - [14/11/2013 14:04:36]
AdwCleaner[S5].txt - [10678 octets] - [14/11/2013 15:44:04]
AdwCleaner[S6].txt - [2345 octets] - [24/12/2013 10:43:57]
AdwCleaner[S7].txt - [2580 octets] - [26/01/2014 16:15:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2640 octets] ##########

 

 

I'll post ESET when it's done...looks like it will be a while.....thank you for your help Stelios-DASOS :)
 


Edited by Rick605, 26 January 2014 - 05:05 PM.


#4 DASOS

Posted 26 January 2014 - 05:25 PM

Take your time no problem! :wink:

After ESET:
====
Please download
Hosts-perm.bat
From here: http://www.bleepingcomputer.com/download/hosts-permbat/
Read the instructions
====
Please also go here:
http://www.raymarron.com/hostess/
Download Hostess41.zip
Read the instructions and install
====
Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Stelios



#5 Rick605


Posted 26 January 2014 - 06:28 PM

C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir    a variant of Win32/Toolbar.Perion.G application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe    Win32/Bundled.Toolbar.Ask.E application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi    a variant of Win32/Bundled.Toolbar.Ask.F application    deleted - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Program Files\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F application    cleaned by deleting - quarantined
C:\WINDOWS\Installer\296be31.msi    a variant of Win32/Bundled.Toolbar.Ask.F application    deleted - quarantined
 



#6 Rick605


Posted 26 January 2014 - 06:39 PM

When I press any key to continue on perm bat it disappears and I can't figure out Hostess.

 

 

Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 SUPERAntiSpyware Free Edition   
 Antispyware     
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 



#7 DASOS


Posted 27 January 2014 - 04:53 AM

Hi Rick!

Microsoft has created a Fix-It tool to reset the hosts file. Just download the fix-it and run it to reset the hosts file.

Please download HostsMan from HERE
Read the instructions

Click OK to any WinPatrol alert!!!
====

  • Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
====

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ 
====

Run Rkill again and post that log also.

How is your comp now?

Stelios

#8 Rick605


Posted 27 January 2014 - 12:41 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Mon 01/27/2014 at 12:31:39.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\sparktrust"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Application Data\sparktrust"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/27/2014 at 12:37:46.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/27/2014 12:59:06 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1    localhost

Program finished at: 01/27/2014 01:00:24 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)

I'm still trying to figure out HostsMan. The firewall did come on the last time I restarted, so my computer might be ok. I'm going to restart again and make sure it comes on.


Edited by Rick605, 27 January 2014 - 01:06 PM.


#9 DASOS


Posted 27 January 2014 - 04:22 PM

Hi Rick!


• Click Start > Run
• Copy & paste the following into the run box & click OK

%SYSTEMROOT%\System32\restore\rstrui.exe

 

• When System Restore opens, click Create a restore point, then click Next.
• Type a description for the restore point.
• Click create
• After a short while you should see Restore point created if successful

 

Let me know if that works.
=====

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



#10 Rick605


Posted 27 January 2014 - 04:35 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by HP_Administrator (administrator) on 27-01-2014 at 16:31:24
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1    localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.26.56.26 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.70.22 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : RickComputer

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : gateway.2wire.net

        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-13-D4-C7-95-94

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.65

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 8.26.56.26

                                            156.154.70.22

        Lease Obtained. . . . . . . . . . : Monday, January 27, 2014 1:27:28 PM

        Lease Expires . . . . . . . . . . : Tuesday, January 28, 2014 1:27:28 PM

Server:  ns1.recursive.dns.com
Address:  8.26.56.26

Name:    google.com.gateway.2wire.net
Address:  92.242.144.50



Pinging google.com [173.194.113.168] with 32 bytes of data:



Reply from 173.194.113.168: bytes=32 time=113ms TTL=51

Reply from 173.194.113.168: bytes=32 time=115ms TTL=51



Ping statistics for 173.194.113.168:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 113ms, Maximum = 115ms, Average = 114ms

Server:  ns1.recursive.dns.com
Address:  8.26.56.26

Name:    yahoo.com.gateway.2wire.net
Address:  92.242.144.50



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=89ms TTL=50

Reply from 98.138.253.109: bytes=32 time=115ms TTL=50



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 89ms, Maximum = 115ms, Average = 102ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 c7 95 94 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.65      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0     192.168.1.65    192.168.1.65      20
      192.168.1.0    255.255.255.0     192.168.1.65    192.168.1.65      20
     192.168.1.65  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.65    192.168.1.65      20
        224.0.0.0        240.0.0.0     192.168.1.65    192.168.1.65      20
  255.255.255.255  255.255.255.255     192.168.1.65    192.168.1.65      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2014 07:10:35 PM) (Source: Application Error) (User: )
Description: Faulting application avwebgrd.exe, version 14.0.2.254, faulting module avwebgrd.exe, version 14.0.2.254, fault address 0x000486f5.
Processing media-specific event for [avwebgrd.exe!ws!]

Error: (01/20/2014 06:29:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800708ca (converted to 0x800423f4).

Error: (01/20/2014 11:13:45 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800708ca (converted to 0x800423f4).

Error: (01/19/2014 10:43:14 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/19/2014 10:51:46 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.6.70, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/07/2014 08:29:58 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6683.5002, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 04:39:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800708ca (converted to 0x800423f4).

Error: (12/23/2013 11:54:05 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).

Error: (12/23/2013 11:53:05 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).

Error: (12/23/2013 11:52:05 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).


System errors:
=============
Error: (01/27/2014 00:42:17 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/27/2014 00:42:17 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2014 00:42:17 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/27/2014 11:48:42 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:47:32 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:46:23 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:45:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:44:06 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:42:59 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2014 11:41:51 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.9.0.1210)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148)
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Antispyware (Version: 4.0.3152)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
AT&T Yahoo! Messenger
Avira Free Antivirus (Version: 14.0.2.286)
Avira SearchFree Toolbar (Version: 12.10.0.2951)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Kahuna Reef from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm (Version: 53.0.13.000)
CameraDrivers (Version: 5.0.0.290)
CameraDrivers (Version: 5.0.0.328)
CCleaner (Version: 3.16)
Citrix Online Launcher (Version: 1.0.153)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
Crystal Maze from HP Media Center (remove only)
CueTour (Version: 53.0.13.000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digby's Donuts from HP Media Center (remove only)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
Dropbox (Version: 2.4.11)
Easy Internet Sign-up (Version: FE UI-4.0.0.1573)
ESET Online Scanner v3
FATE Demo from HP Media Center (remove only)
Fax (Version: 50.0.206.000)
Flip Words from HP Media Center (remove only)
GemMaster Mystic
Glary Utilities 3.9.2 (Version: 3.9.2.139)
Google Chrome (Version: 32.0.1700.76)
Google Talk Plugin (Version: 4.1.3.13728)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.22.3)
GoToMeeting 5.0.0.799 (Version: 5.0.0.799)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HostsMan 4.3.98 (Version: 4.3.98.0)
HP Boot Optimizer (Version: 1.0.2)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 1.2)
HP Document Viewer 5.3 (Version: 5.3)
HP Game Console and games
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone for Media Center PC (Version: 1.02.001)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1)
HP Photosmart Cameras 5.0 (Version: 5.0)
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Tunes (Version: 2.1.0.2)
HP Update (Version: 5.005.000.002)
HPProductAssistant (Version: 53.0.13.000)
HpSdpAppCoreApp (Version: 3.00.0000)
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4332)
IntelliMover Data Transfer Demo
InterVideo WinDVD Player (Version: 5.0-B11.789)
iTunes (Version: 11.1.2.31)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Jewel Quest from HP Media Center (remove only)
LightScribe  1.4.31.1 (Version: 1.4.31.1)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.6.176)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2005 (Version: 14)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
Motorola SM56 Speakerphone Modem
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.0 (Version: 4.00.050)
muvee autoProducer unPlugged 1.1 - HPD (Version: 1.1.000)
NewCopy (Version: 50.0.206.000)
Office 2003 Tour (Version: 1.0.0)
Otto
PanoStandAlone (Version: 53.0.13.000)
PC-Doctor 5 for Windows (Version: 5.00.2832.01)
PhotoGallery (Version: 53.0.13.000)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext (Version: 50.0.206.000)
PS2
PSPrinters08 (Version: 8.01.0000)
PSTAPlugin (Version: 8.01.0000)
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2005 (Version: 14.00.0000)
QuickTime (Version: 7.73.80.64)
RandMap (Version: 53.0.13.000)
Readme (Version: 50.0.206.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Registry Repair 4.1.0.388 (Version: 4.1.0.388)
Revo Uninstaller 1.95 (Version: 1.95)
Ricochet Lost Worlds from HP Media Center (remove only)
Safari (Version: 5.34.57.2)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1 (Version: 53.0.13.000)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.3 (Version: 6.3.105)
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
SolutionCenter (Version: 50.0.152.000)
Sonic Encoders (Version: 1.00)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.1.3)
Sonic RecordNow Audio (Version: 2.0.2)
Sonic RecordNow Copy (Version: 2.0.2)
Sonic RecordNow Data (Version: 2.0.2)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 53.0.13.000)
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware Free Edition (Version: 4.0.0.1154)
Swarm from HP Media Center (remove only)
swMSM (Version: 12.0.0.1)
Tradewinds from HP Media Center (remove only)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WD SmartWare (Version: 1.2.0.20)
WD SmartWare (Version: 1.6.2.6)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 29.2.2013)
Yahoo! Install Manager
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 1015.29 MB
Available physical RAM: 654.98 MB
Total Pagefile: 2440.73 MB
Available Pagefile: 1674.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.17 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:178.3 GB) (Free:137.41 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:0.9 GB) FAT32

========================= Users: ========================================

User accounts for \\RICKCOMPUTER

Administrator            ASPNET                   Guest                    
HelpAssistant            HP_Administrator         SUPPORT_388945a0         
SUPPORT_fddfa904         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****
 



#11 DASOS


Posted 27 January 2014 - 04:51 PM

Did you create a new restore point?

And HostsMan? It has instructions here: http://www.abelhadigital.com/hostsman



#12 Rick605


Posted 27 January 2014 - 05:06 PM

Host files is enabled on my computer but I don't understand how to use it. I clicked on "manage sources" but don't know what to do next.

 

Can you tell me what I'm doing wrong?



#13 DASOS


Posted 27 January 2014 - 05:29 PM

Click manage sources

Check > mvps Hosts

Then

Click close

Next window, click update

Next click update host file

Next click disable service and update host file

Try that; you can also try clicking help > help topics

Let me know the results



#14 Rick605


Posted 27 January 2014 - 05:35 PM

Installing updates:
Installing MVPS Hosts update... done.
Searching and fixing errors...  done.
Removing duplicates...  done.
Processing exclusion list...  done.
Saving to disk...  done.
Flushing DNS Cache...  done.
 



#15 DASOS


Posted 27 January 2014 - 05:46 PM

system tray icon?





