Spybot S&D reports Virtumonde infection

[Doug G]

I have turned off Teatimer and run ERUNT to backup the registry.

FYI - previously tried to remove Virtumonde using Spybot but this caused corruption of ntoskrnl.exe. Restored partition from a backup. Unfortunately, the backup also contained the trojan. Help with removal would be appreciated.

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:19 AM, on 5/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\OV550EM.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldnet.att.net/ie4/search/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Worldnet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;*.local;<local>
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - (no file)
O2 - BHO: Toolbar BHO - {2AE0A4BD-F9CD-473B-8DA1-C0581B963EB2} - C:\Program Files\AT&T Worldnet Service\Toolbar\Programs\Toolbar.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\AT&T Worldnet Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ShowTB_BHO Class - {80273A16-C326-45FC-B961-5BD86F6E924D} - C:\Program Files\AT&T Worldnet Service\Toolbar\Programs\ShowTB.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: AT&&T Toolbar - {4A32DB77-BE7B-461B-8A3E-7FE4DCE9A594} - C:\Program Files\AT&T Worldnet Service\Toolbar\Programs\Toolbar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV550EM.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hueyPROTray.lnk = C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tech...upportutil.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9299 bytes

[Shaba]

Hi Doug G

Please post next spybot report

[Doug G]

Hi Shaba,

Thanks for helping on this.

I'm a little confused right now, and I hope I'm not wasting your time. Here's what has happened:

I have a Spybot scan that was run prior to my asking for help in this forum that shows the presence of Virtumonde. This scan was done with Spybot version 1.6.0 immediately after I recovered the C: partition from a backup.

I decided to run a new scan to comply with your request, since it has been a couple of days since the first scan. The new scan was done using Spybot version 1.6.2. It's clean! (except for a lot of usage tracks and other non-critical things).

Based on the latest scan, I'm not worried anymore.... but I'd like to hear you agree with me on that.

The scan report is too long to fit here in its entirety, so I have included an excerpt. If you want the whole thing let me know how to post it. I also have the earlier scan that reported the trojan.

--- start excerpt of clean scan ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry change, nothing done)

**** A bunch of usage tracks deleted here ****

HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastLoginTime\
RealOne Player 2 (aka RealPlayer 6.0): [SBI $BB3E2788] Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\
RealOne Player 2 (aka RealPlayer 6.0): [SBI $0AA1D244] Most recent skins #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentSkins1\
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $C06686AF] Open with list - .ACV extension (2 files) (Registry key, nothing done)

**** more usage tracks deleted here ****

Cookie: [SBI $49804B54] Cookie (45) (Cookie, nothing done)

Cache: [SBI $49804B54] Cache (3) (Cache, nothing done)

History: [SBI $49804B54] History (34) (History, nothing done)

Cookie: [SBI $49804B54] Cookie (631) (Cookie, nothing done)

Cookie: [SBI $49804B54] Cookie (1116) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-05-19 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-05-19 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-05-12 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-05-12 Includes\HijackersC.sbi (*)
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\ahead\Nero - Burning Rom\General\OFDLastISODir
Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMIN1\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Internet Explorer\Download Directory
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agen t
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $D5C3373A] AutoComplete data (25 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Internet Explorer\IntelliForms\SPW
Internet Explorer: [SBI $D5C3373A] AutoComplete data (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Internet Explorer\IntelliForms\SPW
LeechGet: [SBI $89AAFE13] Favorite download folder #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Cronosoft\LeechGet\Add\1. Favorite
LeechGet: [SBI $5B9F1999] Downloaded files number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Cronosoft\LeechGet\Console\DownloadedFiles
LeechGet: [SBI $617157BE] Downloaded megabytes total (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Cronosoft\LeechGet\Console\DownloadedMB
LeechGet: [SBI $44EDDC84] Download history (21 files) (Registry key, nothing done) HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Cronosoft\LeechGet\History
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\bin.clearspring.com\clearspring.sol
Properties.size=696
Properties.md5=AFAA2D3F130616D3BBB38B0EC8B7EFDD
Properties.filedate=1232049973
Properties.filedatetext=2009-01-15 16:06:13
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\cdn1.ustream.tv\com.quantserve.sol
Properties.size=70
Properties.md5=88CA75656DC90A936C4B94C1794330FC
Properties.filedate=1225990221
Properties.filedatetext=2008-11-06 12:50:20
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\cdn1.ustream.tv\viewer.sol
Properties.size=59
Properties.md5=BB8766730D19D9A1FB72CC4C046723C1
Properties.filedate=1225990594
Properties.filedatetext=2008-11-06 12:56:34
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\d.yimg.com\VolumePrefs.sol
Properties.size=55
Properties.md5=680CC18183453BA30B3B748933B29AE7
Properties.filedate=1233462706
Properties.filedatetext=2009-02-01 00:31:45
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\d.yimg.com\YEPBWPrefs.sol
Properties.size=71
Properties.md5=F744338B270CC0BE68F08E5759F1735C
Properties.filedate=1233462700
Properties.filedatetext=2009-02-01 00:31:40
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\flash.quantserve.com\com.quant serve.sol
Properties.size=72
Properties.md5=37BDCC4EBA4B7C2095C98D00248B8A9E
Properties.filedate=1225424863
Properties.filedatetext=2008-10-30 23:47:42
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\foxnews1.a.mms.mavenapps.net\mvnSharedCommunityPersist_.
sol
Properties.size=161
Properties.md5=E4C9A95603A98F263546F66363521164
Properties.filedate=1225991287
Properties.filedatetext=2008-11-06 13:08:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\foxnews1.a.mms.mavenapps.net\mvnSharedCommunityPersist_f
oxnews1.sol
Properties.size=169
Properties.md5=C6B67D880B758601AC81C8B9895603F9
Properties.filedate=1225991287
Properties.filedatetext=2008-11-06 13:08:07
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\foxnews1.a.mms.mavenapps.net\s_br.sol
Properties.size=605
Properties.md5=95C7CEDAD9EA3FA5679C39299AD10144
Properties.filedate=1225991549
Properties.filedatetext=2008-11-06 13:12:29
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\illumenix.com\StreamMinerInfo. sol
Properties.size=57
Properties.md5=EF108F8618B6135080D65A9F2CD59498
Properties.filedate=1226116597
Properties.filedatetext=2008-11-07 23:56:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\l.yimg.com\LCOMMENGINEMGR.sol
Properties.size=53
Properties.md5=9DFF7F8A9828FE7F3EA13632FAC7A59C Properties.filedate=1226511216
Properties.filedatetext=2008-11-12 13:33:36
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\login.yahoo.com\loginCache.sol
Properties.size=178
Properties.md5=6029E4E8FA996F141C6ECB1755B30D22
Properties.filedate=1227843629
Properties.filedatetext=2008-11-27 23:40:29
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\media.scanscout.com\SS_ARE_UserData.sol
Properties.size=147
Properties.md5=0C5148A4F298B91E8BD83E68823A6B0F
Properties.filedate=1231429490
Properties.filedatetext=2009-01-08 11:44:49
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\msnbcmedia.msn.com\PlayerConfig.sol
Properties.size=40
Properties.md5=5966A33C76EC98FA91BAA3438EB54730
Properties.filedate=1225990928
Properties.filedatetext=2008-11-06 13:02:07
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\player.cdn.targetspot.com\ts_CBSRadio.sol
Properties.size=51
Properties.md5=77A137640DB1A5119642D000988B9F7E
Properties.filedate=1225991858
Properties.filedatetext=2008-11-06 13:17:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\s.ytimg.com\soundData.sol
Properties.size=58
Properties.md5=4D3ED4A75D731B78C420B0D865A4FE6A
Properties.filedate=1225503866
Properties.filedatetext=2008-10-31 21:44:25
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=8DCE5C0CDDC66FF53B091F95F02D7CAA
Properties.filedate=1231428798
Properties.filedatetext=2009-01-08 11:33:18
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\BeaconService.sol
Properties.size=85
Properties.md5=4FC0EA37CE9FCC75ED0BC92966EDC465
Properties.filedate=1225424847
Properties.filedatetext=2008-10-30 23:47:26
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\BeaconServiceV2.sol
Properties.size=1226
Properties.md5=C3D932A0E359035026592D71F6F395CA
Properties.filedate=1230578889
Properties.filedatetext=2008-12-29 15:28:08
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\com.quantserve.sol
Properties.size=72
Properties.md5=9E5EBC2BAE9740CB2C229EC02DD0C0DD
Properties.filedate=1225424863
Properties.filedatetext=2008-10-30 23:47:42
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.intel.com\s_br.sol
Properties.size=41
Properties.md5=03C74ED0C59AF8F19DD2CB8FFDF0DB98
Properties.filedate=1225237015
Properties.filedatetext=2008-10-28 19:36:55
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.motortrend.com\s_br.sol
Properties.size=79
Properties.md5=C7C821652B44DE60E020B806B21E27B8
Properties.filedate=1227315896 Properties.filedatetext=2008-11-21 21:04:56
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.youtube.com\soundData.sol
Properties.size=58
Properties.md5=4D3ED4A75D731B78C420B0D865A4FE6A
Properties.filedate=1230867655
Properties.filedatetext=2009-01-01 23:40:54
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\cdn1.ustream.tv\com.quantserve.sol
Properties.size=72
Properties.md5=391659D0FBEF4CE27D56898248C4DF4D
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\cdn1.ustream.tv\viewer.sol
Properties.size=76
Properties.md5=78E3CEEE18C420BEF56F8A49228E3BE7
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\flash.quantserve.com\com.quant serve.sol
Properties.size=74
Properties.md5=588281683915628AF0057EEC02C9032D
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\foxnews1.a.mms.mavenapps.net\mvnSharedCommunityPersist_.
sol
Properties.size=161
Properties.md5=EA034BADCA165BD345C54BA0EA32150A
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\foxnews1.a.mms.mavenapps.net\mvnSharedCommunityPersist_f
oxnews1.sol
Properties.size=169
Properties.md5=BC15C26DD7F89C2200D06CE607C84DBC
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\foxnews1.a.mms.mavenapps.net\s_br.sol
Properties.size=587
Properties.md5=7704F334F1C90CC2BDC2D24D4F3CFB1E
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:37
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\l.yimg.com\LCOMMENGINEMGR.sol
Properties.size=53
Properties.md5=9DFF7F8A9828FE7F3EA13632FAC7A59C
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\media.scanscout.com\SS_ARE_UserData.sol
Properties.size=149
Properties.md5=0B24ACF3889804BF4BBCF515EE80C549
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\s.mcstatic.com\MetacafeFlashVideoPlayer.sol
Properties.size=64
Properties.md5=8AC322B0C0ACF4CB4DE29FF8D6EECB3A
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\s.mcstatic.com\UUID.sol
Properties.size=68
Properties.md5=0F19C9CE6D114835CE4EDE05DA537BFB Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=A625777299AF2E8DBAF3E47E4517DB96
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\video.google.com\videostats.so l
Properties.size=85
Properties.md5=17CFF0D9CD28B8AAD621239BD48ADEF4
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.hulu.com\BeaconService.sol
Properties.size=85
Properties.md5=B6CA6A5060FD1EED1E8CFCE56A6A4637
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.hulu.com\BeaconServiceV2.sol
Properties.size=94
Properties.md5=5420C4FA94DAEEE9560FA9ECDEEB0651
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.hulu.com\com.quantserve.sol
Properties.size=74
Properties.md5=7792EE9C704C0BA80BABF078EA8397D9
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\abcnews.go.com\com.quantserve.sol
Properties.size=74
Properties.md5=7792EE9C704C0BA80BABF078EA8397D9
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\abcnews.go.com\s_br.sol
Properties.size=645
Properties.md5=0E21282D802FAC97AC18B12D28D6CD59
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\as1.suitesmart.com\6thElement.sol
Properties.size=406
Properties.md5=4E685D2914681F2B35CFD76454C5FB8E
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\bannerfarm.ace.advertising.com\OmnitureFlashCookie.sol
Properties.size=62
Properties.md5=43ACA87CD236985CB0FDAD6CA88B5B8A
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\bin.clearspring.com\clearspring.sol
Properties.size=1073
Properties.md5=16E57D7C03BDF15754D02362C56C7A4B
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\dillards.com\s7_DillardsZoom.sol
Properties.size=84
Properties.md5=D40EA69A080D4CE31511AF7D56C52762
Properties.filedate=1242755885 Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\f.imwx.com\s_br.sol
Properties.size=41
Properties.md5=03C74ED0C59AF8F19DD2CB8FFDF0DB98
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\flash.quantserve.com\com.quantserve.sol
Properties.size=74
Properties.md5=588281683915628AF0057EEC02C9032D
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\interclick.com\ud.sol
Properties.size=139
Properties.md5=0D9D1A78440B3908D5A04D087A92C01D
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\l.yimg.com\COSMOSPrefs.sol
Properties.size=76
Properties.md5=0831177BC8AB948FCD0CDAA98D8F5635
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\l.yimg.com\COSMOS_FOP.sol
Properties.size=84
Properties.md5=0688349E0AA07CF57650800EA43940EF
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\l.yimg.com\LCOMMENGINEMGR.sol
Properties.size=305
Properties.md5=B2677981A5A3F0C6CBC1E9EAE2D66694
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\media.tattomedia.com\banner_data.sol
Properties.size=307
Properties.md5=FB2D1E638557EC7D6B0C7DBA36A96D87
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\media.tattomedia.com\campaigns.sol
Properties.size=94
Properties.md5=DCA6192F4CDD26AC04A958631416E86E
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\media.tattomedia.com\sources.sol
Properties.size=95
Properties.md5=2FF46AD6423412AD551CE352540A7E9F
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\mediafileshost.com\ZXhwbzEw.sol
Properties.size=43
Properties.md5=41E6FDFBBBEE072387A7FF7653DD4294
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\objects.tremormedia.com\com.t remormedia.acudeocomponent.
sol
Properties.size=162
Properties.md5=3556143190FA1D7E715BC71CC20B5589
Properties.filedate=1242755886 Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\player.cdn.targetspot.com\ts_CBSRadio.sol
Properties.size=51
Properties.md5=681F9FE31B9C089B256B033A01CC5759
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\pub.widgetbox.com\wbx_cookie.sol
Properties.size=42
Properties.md5=FA4F785C85DE06B7A58A9DAFE4FBC134
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\pub.widgetserver.com\com.quantserve.sol
Properties.size=74
Properties.md5=7792EE9C704C0BA80BABF078EA8397D9
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s.mcstatic.com\MetacafeFlashVideoPlayer.sol
Properties.size=64
Properties.md5=8AC322B0C0ACF4CB4DE29FF8D6EECB3A
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s.mcstatic.com\UUID.sol
Properties.size=68
Properties.md5=422B29B8F12745D8B3F48FB4D2AE11F7
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s.ytimg.com\soundData.sol
Properties.size=58
Properties.md5=4D3ED4A75D731B78C420B0D865A4FE6A
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=3C46CA820F8C2B9504B62CDAECA4E727
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s7d2.scene7.com\s7_storage_init.sol
Properties.size=534
Properties.md5=150BEBCCA3DCD9722A93FA716AEF9494
Properties.filedate=1243118423
Properties.filedatetext=2009-05-23 18:40:23
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\s7d2.scene7.com\s7_storage_tracker.sol
Properties.size=157
Properties.md5=0415F4873B91A218FF5332B361C91E6B
Properties.filedate=1243118424
Properties.filedatetext=2009-05-23 18:40:24
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\seal.buysafe.com\buySAFE.com.sol
Properties.size=372
Properties.md5=BE41061AB185E2DB5714D052BBBDBE65
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\udn.specificclick.net\uf.sol
Properties.size=72
Properties.md5=B984A554AB9326CA7ABBD18D2C85774A
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\udn.specificclick.net\ufo.sol
Properties.size=73
Properties.md5=388404103DB940E7B10BF09CCE252BB0
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\video.google.com\videostats.sol
Properties.size=199
Properties.md5=C01A671009DC745AB4F7E2C9F6724C7F
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\vizu.com\acUserData.sol
Properties.size=377
Properties.md5=1C42EEA035F89379BBCC329944C209EB
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\www.blogtalkradio.com\audioData.sol
Properties.size=46
Properties.md5=C1B02A6212585A3360F58B8B5B5BE174
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\video.google.com\googleplayer. swf\mediaPlayerUserSettings.sol
Properties.size=94
Properties.md5=A5B71A46809D655E111DEAE472E3BFFA
Properties.filedate=1225418409
Properties.filedatetext=2008-10-30 22:00:08
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\player.swf\Lightningcast.sol
Properties.size=55
Properties.md5=07B122A08F7FE8524B7B345AFE008A1D
Properties.filedate=1225424845
Properties.filedatetext=2008-10-30 23:47:25
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\player.swf\NewSitePlayer.sol
Properties.size=275
Properties.md5=18B33A7BF740AB9E696006F1D697350E
Properties.filedate=1230577793
Properties.filedatetext=2008-12-29 15:09:52
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\playerembed.swf\Lightningcast.sol
Properties.size=56
Properties.md5=39C07F321D392D58C1BA56D917DDC6FB
Properties.filedate=1226513066
Properties.filedatetext=2008-11-12 14:04:25
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.hulu.com\playerembed.swf\NewSitePlayer.sol
Properties.size=62
Properties.md5=5EE2AB565A5FE663F74F7EC29FD8EB0C
Properties.filedate=1226513066
Properties.filedatetext=2008-11-12 14:04:25
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.hulu.com\player.swf\Lightningcast.sol
Properties.size=56
Properties.md5=20DF763C189A8F608C6C9F520B41EA0F
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.hulu.com\player.swf\NewSitePlayer.sol
Properties.size=275
Properties.md5=CB8B1BBC9063C8F9A7CA27343C41610E
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done) C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\documents.scribd.com\ScribdViewer.swf\instance_identifier.sol
Properties.size=79
Properties.md5=B1E8161883EBD769EA514BAC8576A0AC
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\documents.scribd.com\ScribdViewer.swf\quantcast.sol
Properties.size=67
Properties.md5=A60CE38D4EBABA4161107C4217BD0517
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\documents.scribd.com\ScribdViewer.swf\scribdSettings.sol
Properties.size=78
Properties.md5=01C4D2EFBF3E86D0D02C454D8094477F
Properties.filedate=1242755885
Properties.filedatetext=2009-05-19 13:58:05
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\makyo\Application Data\Macromedia\Flash Player\#SharedObjects\N62MV55G\video.google.com\googleplayer .swf\mediaPlayerUserSettings.so
l
Properties.size=94
Properties.md5=A5B71A46809D655E111DEAE472E3BFFA
Properties.filedate=1242755886
Properties.filedatetext=2009-05-19 13:58:06
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\lads.myspace.com\videos\Main.swf\preferences.sol
Properties.size=136
Properties.md5=4B555AE8AB8DBCED6A4CCC803D6E0ABA
Properties.filedate=1229829524
Properties.filedatetext=2008-12-20 23:18:43
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\player.play.it\player\CBSRadio_Player.swf\R20PLAYER.sol
Properties.size=2744
Properties.md5=674EADF6EB5CB9BA9C35FF171797C491
Properties.filedate=1231429617
Properties.filedatetext=2009-01-08 11:46:57
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\CM8VQQJR\www.wtnh.com\video\videoplayer .swf\savedBitRate.sol
Properties.size=61
Properties.md5=E3CF34016E7404F2D2B01C19A4AC933F
Properties.filedate=1232339038
Properties.filedatetext=2009-01-19 00:23:58
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Doug\Application Data\Macromedia\Flash Player\#SharedObjects\UT6XU6DB\www.wtnh.com\video\videoplayer .swf\savedBitRate.sol
Properties.size=61
Properties.md5=19A807146EB105186807784AD317B971
Properties.filedate=1242755318
Properties.filedatetext=2009-05-19 13:48:38
MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir
MS Media Player: [SBI $D8642806] Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
Properties.size=229376
Properties.md5=F74D208670995556D2329A9EC0369642
Properties.filedate=1066085830
Properties.filedatetext=2003-10-13 18:57:09
MS Media Player: [SBI $656F1808] Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch
MS Media Player: [SBI $6D2E50D8] Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode
MS Media Player: [SBI $3B9B7B9A] Last CD record path (Registry change, nothing done) HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 8.0 (Excel): [SBI $A7691699] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Office\8.0\Excel\Recent File List
MS Picture It! 9.0 (MSN Photo module): [SBI $AF55B285] Last opened folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\MSNPubSend\LastFolderForOpen
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Search Assistant\ACMru
Paint Shop Photo Album: [SBI $B6776DC2] Last used Twain device (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Jasc\Paint Shop Photo Album\Connect\LastTwainDev
Paint Shop Photo Album: [SBI $06083C3F] Recent album list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Jasc\Paint Shop Photo Album\Recent Album List
Paint Shop Photo Album: [SBI $06083C3F] Recent album list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Jasc\Paint Shop Photo Album\Recent Album List
Paint Shop Photo Album: [SBI $31DEE52D] Recent file list (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Jasc\Paint Shop Photo Album\Recent File List
Paint Shop Photo Album: [SBI $C8033484] Last managed album (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Jasc\Paint Shop Photo Album\State\AlbumList
Paint Shop Photo Album: [SBI $DF97F20E] Last web pages style (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Jasc\Paint Shop Photo Album\Web\Style
RealOne Player 2 (aka RealPlayer 6.0): [SBI $F369C542] Last login time (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastLoginTime\
RealOne Player 2 (aka RealPlayer 6.0): [SBI $BB3E2788] Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\
RealOne Player 2 (aka RealPlayer 6.0): [SBI $0AA1D244] Most recent skins #1 (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentSkins1\
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $C06686AF] Open with list - .ACV extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ACV\OpenWithList
Windows.OpenWith: [SBI $C06686AF] Open with list - .ACV extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ACV\OpenWithList
Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithListWindows.OpenWith: [SBI $63036C95] Open with list - .CAB extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $06671386] Open with list - .CIL extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CIL\OpenWithList
Windows.OpenWith: [SBI $37C65299] Open with list - .CSH extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSH\OpenWithList
Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (497 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (500 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (55 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMIN1\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Co unt
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (78 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB7 80-7743-11CF-A12B-00AA00
4AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (18 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB7 80-7743-11CF-A12B-00AA00
4AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB78 0-7743-11CF-A12B-00AA004
AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (16 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMIN1\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Co unt
Windows Explorer: [SBI $6107D172] User Assistant history files (831 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{750487 00-EF1F-11D0-9888-006097
DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (218 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{750487 00-EF1F-11D0-9888-006097
DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{7504870 0-EF1F-11D0-9888-006097D
EACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisit edMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done) HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFol der
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1792638165-864355715-3975183721-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (45) (Cookie, nothing done)

Cache: [SBI $49804B54] Cache (3) (Cache, nothing done)

History: [SBI $49804B54] History (34) (History, nothing done)

Cookie: [SBI $49804B54] Cookie (631) (Cookie, nothing done)

Cookie: [SBI $49804B54] Cookie (1116) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-05-19 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-05-19 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-05-12 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-05-12 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-05-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-12 Includes\Malware.sbi (*)
2009-05-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-05-12 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-05-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-05-12 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti (*)
2009-05-12 Includes\Trojans.sbi (*)
2009-05-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

---end clean scan ---

[Shaba]

OK so that was fixed in latest version

Usage tracks are not dangerous, you can ignore them.

Do you have some other issues?

[Doug G]

Thank you, Shaba.

I'm sure I have lots of issues, but none computer-related at this time.

Doug

[Shaba]

Good

See below for my tips.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 13

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
  You can use one of these sites to check if any updates are needed for your pc.
  Secunia Software Inspector
  F-secure Health Check
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
  
  Malwarebytes' Anti-Malware Setup Guide
  
  Malwarebytes' Anti-Malware Scanning Guide
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

[Shaba]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.