# Solved: Temp Folder Problem - Cannot Download Files From Internet



## pook123 (Sep 21, 2007)

When I want to download software from the internet, I get the following message:

"Error writing temporary file. Make sure your temp file is valid". Yesterday it had NSIS infront of it, today it does not. I looked online and cannot see any valid fixes. Are you please able to help? This happened after I installed a bunch of Windows updates, although I see people have been having this problem for a couple of years. 

Additional info; I'm not sure if it has to do anything with the issue: When the "run" button comes up after it downloads, beneath it, there is a message that says, "THis file is in a location outside your local network. Files from locations outside you don't recognize can harm your pc. Only run this file if you trust this location". Then I press, "run" and get the above message. But I'm getting this message on anything I try to download, even from well-know sites.

THank you.


----------



## TerryNet (Mar 23, 2005)

With what are you downloading (maybe some version of Internet Explorer?)?

Do you get this also when simply downloading (saving the file) or only when trying to Run the file without saving it?


----------



## pook123 (Sep 21, 2007)

Hi, Thanks for answering so quickly. To give you an example,

One time, I was trying to download VLC Media player from their site, Videolan

SEcond time, I was trying to download a password keeper/organizer, "Dashlane" from a referral site from a family member. So far, I only get it when I hit "run". I have not tried to save any files yet, but it does download into a folder, and then I try to hit "run". 

The above examples are two of about five places I've tried to download software on the web. I stopped finally because nothing is allowing me to get past "run".


----------



## pook123 (Sep 21, 2007)

To clarify the above - when I say "I only get it", I mean the error message about temp folder I am getting


----------



## flavallee (May 12, 2002)

You should select to download and *save* those files instead of selecting the "Run/Open" option.

After they're downloaded and *saved* in a location of your choosing, you can then install them at your leisure.

----------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

Hello Frank,

When I get a link, it automatically downloads it into a file, so it's saved, but it when I try to run it or open it, I get the same message. I want to fix this problem.
I searched the NSIS and "error writing temporary file" on your site, and saw that there were some threads on this, but I could not read them because they had expired. However, I did see that the representative had the person writing send him a log of HiJackThis, but could not see the results or what happened. Am I able to do this? How would I send you a HiJackThis log? Thanks


----------



## TerryNet (Mar 23, 2005)

So, even if you download the file to your desktop and then double click on it to run it you get a message about a temporary file? That makes no sense to me. Again, what are you using for the downloads? Sounds like IE, but I shouldn't assume.


----------



## pook123 (Sep 21, 2007)

Hi, this happens in both IE and Chrome which I use interchangeably. And ys, this happens when I double click on it to run it....


----------



## flavallee (May 12, 2002)

Can you provide a webpage link to one or more of the sites that you're downloading files from so we can see what happens?

We don't know how computer-knowledgeable you are, so it's possible that you need someone to show you how to download and save and install files.

--------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

Ok, here is the link to the password software site, sent to me from friend:

https://www.dashlane.com/en/invite/3ba8f83d Follow the prompts to download

FYI: I am very computer knowledgeable, and I helped build my current computer with my partner. I hope this helps
PS: Are you able to find those other posts to see what worked for this same problem ?


----------



## flavallee (May 12, 2002)

When I clicked on the *Get Dashlane - It's FREE* button, it allowed me to download and save the 689 KB-size *Dashlane_Launcher-1372238144.exe* file.

I didn't double-click it to start the install process because I don't want it in my computer and don't know what affect it'll have on my computer.

-------------------------------------------------------


----------



## TerryNet (Mar 23, 2005)

I also downloaded it with IE 9 (to the default Downloads folder) and did double click on it and got into the install program (at which point I cancelled). Even if all your downloads are corrupted I cannot understand why you are getting an error including "temporary file."


----------



## pook123 (Sep 21, 2007)

Hi Guys, thanks for your replies. I have suggested looking at the previous "NSIS" and "cannot write to temp file" threads to you, but you are not commenting on my suggestion. How come? Maybe there is some good information in those? If so, there would be no need to re-invent the wheel. I tried to read some of these but they have expired. Being a moderator, are you able to see these? Also, a lot of entries on the web. Tried just a few, but to no avail. Any help appreciated.


----------



## flavallee (May 12, 2002)

> How would I send you a HiJackThis log?


Is your computer running Windows 7 32-bit or 64-bit?

HiJackThis 2.0.4 doesn't work properly with Windows 64-bit.

----------------------------------------------------------


----------



## TerryNet (Mar 23, 2005)

> I tried to read some of these but they have expired.


If you are talking about expired threads on this site you can still read them; just can't post to them. If you have a counter example please give me a link (URL).

I'm still not clear on exactly what is happening, so it makes no sense for me to look for a solution to I-don't-know-what.


----------



## pook123 (Sep 21, 2007)

HI Flavellee,

Unfortunately, I am running Windows 7 64 bit. Any other program which might do the same or similar ?


----------



## pook123 (Sep 21, 2007)

TerryNet,

The symptoms I have are exactly what is described in these older posts. I've gotten the "NSIS" error and the exact wording of the errors in the posts. I would say that is very close if not exactly, the problem. However, I understand that you may have a different approach to this, and that is fine with me.


----------



## pook123 (Sep 21, 2007)

I went to CNET and tried to download Malwarebytes software. I am in chrome. It downloaded and when I double-clicked it, I received a different message from previous ones. HEre is what it said. I hope this is a good "clue" to what is going on:

"_*Setup was unable to create the directory- C:\users\richard11\appData \Local\Temp\[...../B]*_*

And then,

A" Error 5. Access is denied

Help*


----------



## TerryNet (Mar 23, 2005)

Based on your initial post I thought of a possible temp folder issue, but when you had the same problem when downloading elsewhere I dropped that idea. Does that temp folder exist? Can you create a new file in it? Are there "zillions" of files/folders in it (if so, delete all that you can)?


----------



## pook123 (Sep 21, 2007)

Terrynet, I deleted all files in my temp folder (except system files). The temp folder exists in the place it should exist. I also emptied my cache and history. Do you think I could have some sort of malware/virus.... ??


----------



## TerryNet (Mar 23, 2005)

Can you create a new file or folder in that temp folder? If so, have you tried running the Malwarebytes setup again?


----------



## flavallee (May 12, 2002)

> Do you think I could have some sort of malware/virus.... ??


Let's start here and find out if it does.

Go here, then click the large blue "Download Now @ Bleeping Computer" link to download and save *AdwCleaner.exe* to your desktop.

Close all open windows first, then double-click *AdwCleaner.exe* to load its main window.

Click the "Delete" button, then allow the deletion process to finish.

Click "OK" 3 times.

The computer will restart.

When the log file appears, save it.

Return here, then copy-and-paste the ENTIRE log here.

-----------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

Hi Flavallee,

I really want to do this now, but have to run to a Dr appt. I'll be back in about 3-4 hours and will do that then. Thank you for trying to find out the problem. I appreciate your time. Pook123 (Richard)


----------



## flavallee (May 12, 2002)

I'll be off-line for the rest of the day by the time you get back, so I'll check back here in the morning. :up:

Good luck at the doctor. :up:

-------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 12:49:23
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Richard11 - RICHARD11PC
# Boot Mode : Normal
# Running from : C:\Users\Richard11\Desktop\AdwCleaner (1) (1).exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : BCUService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Babylon
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\Users\Richard11\AppData\Local\Babylon
Folder Deleted : C:\Users\Richard11\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Richard11\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\Software\Classes\Installer\Features\B324397D81FF45A49B9C573B93B6AA4C
Key Deleted : HKLM\Software\Classes\Installer\Products\B324397D81FF45A49B9C573B93B6AA4C
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Richard11\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7729 octets] - [01/08/2013 12:49:23]

########## EOF - C:\AdwCleaner[S1].txt - [7789 octets] ##########


----------



## pook123 (Sep 21, 2007)

Hi - 
I posted the log. You will see a lot of deletions for "Babylon" which is an online translator. I recently returned from a vacation trip to Germany, and had it here. I deleted it early today, thinking that maybe this had something to do with the problem I am having. Not sure. When I downloaded theAdwCleaner, I was afraid I'd get the same error messages. To my surprise, I went into the download folder, right-clicked and saved it to the desktop and it opened. I am not even going to see if everything is working right or not. I would like to know if you see anything weird in the log. Thanks


----------



## pook123 (Sep 21, 2007)

I could not resist. I tried to open another download installation and I got the same error. However, I tried it again, and when I saw it download in the corner of my desktop, I pulled the arrow down and checked "show in folder". Then, I went to the file, right-clicked it and checked "run as administrator". Guess what? It opened?

Any conclusions from this and the log file?

Richard (pook123)


----------



## flavallee (May 12, 2002)

I'm still on-line and haven't shut down for the day yet, so I just got your *AdwCleaner.exe* log.

You need to run it again and then restart and then save the new log and then submit it here.

This is to confirm if the first run found and deleted everything, or if a second run was needed to find and delete what the first run didn't.

-------------------------------------------------------------

I'm not an expert at deciphering AdwCleaner.exe logs, but it sounds like you made some positive headway after running it.

-------------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:43:37
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Richard11 - RICHARD11PC
# Boot Mode : Normal
# Running from : C:\Users\Richard11\Desktop\AdwCleaner (1) (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Babylon

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Richard11\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7836 octets] - [01/08/2013 12:49:23]
AdwCleaner[S2].txt - [785 octets] - [01/08/2013 13:43:37]

########## EOF - C:\AdwCleaner[S2].txt - [844 octets] ##########


----------



## flavallee (May 12, 2002)

The second run of AdwCleaner.exe found and deleted a Babylon entry, but the rest of it looks okay.

If you're able to do the following, I'll check back in the morning for the results.

-----------------------------------------------------------

Download and save and then install the free version of

*Malwarebytes Anti-Malware 1.75.0.1300*

*SUPERAntiSpyware 5.6.0.1022*

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After they're installed and updated, restart the computer.

-----------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------


----------



## Mark1956 (May 7, 2011)

ADWCleaner, second log, shows a repeat deletion of the program Babylon so it needs to be run again, if it is still showing, further action is required to remove it permanently. It is known Adware and prone to cause issues with browsers. You also appear to have download two copies of ADWCleaner .

I am concerned about this comment you made in post 20:



> Terrynet, I deleted all files in my temp folder (except system files).


 There should not be any system files in your temp folder. Please tell me what some of them are or send a screenshot showing what is left in the Temp folder.


----------



## pook123 (Sep 21, 2007)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.01.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Richard11 :: RICHARD11PC [administrator]

8/1/2013 5:32:51 PM
mbam-log-2013-08-01 (17-32-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231161
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)


----------



## pook123 (Sep 21, 2007)

Here are the system files in Temp folder, or ones it says are system files and if I delete, programs won't work:

LOW, 
COOKIES
MATS-TEMP
MSTADMIN
HISTORY
TEMPORARY INTERNET FILES


----------



## pook123 (Sep 21, 2007)

AdwCleaner v2.306 - Logfile created 08/01/2013 at 19:59:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Richard11 - RICHARD11PC
# Boot Mode : Normal
# Running from : C:\Users\Richard11\Desktop\AdwCleaner (1) (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Richard11\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7836 octets] - [01/08/2013 12:49:23]
AdwCleaner[S2].txt - [912 octets] - [01/08/2013 13:43:37]
AdwCleaner[S3].txt - [795 octets] - [01/08/2013 19:59:39]

########## EOF - C:\AdwCleaner[S3].txt - [854 octets] ##########


----------



## pook123 (Sep 21, 2007)

http://www.superantispyware.com

Generated 08/01/2013 at 08:37 PM

Application Version : 5.6.1020

Core Rules Database Version : 10659
Trace Rules Database Version: 8471

Scan type : Quick Scan
Total Scan Time : 00:07:57

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 746
Memory threats detected : 0
Registry items scanned : 61055
Registry threats detected : 0
File items scanned : 13873
File threats detected : 330

Adware.Tracking Cookie
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\8RXTYZZ1.txt [ /247realmedia.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\14HL5FXJ.txt [ /interclick.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\GE6C23UJ.txt [ /www.accountonline.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\9AC0URI8.txt [ /questionmarket.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\MYQ3660O.txt [ /oasc12.247realmedia.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\7PWR554O.txt [ /ads.creative-serving.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\3MA7QLMD.txt [ /invitemedia.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\WAGVMV0D.txt [ /realmedia.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\CMY1OECA.txt [ /2o7.net ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\TV2LDAJO.txt [ /media6degrees.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\9DNI3GEW.txt [ /insightexpressai.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\4CVX6QYF.txt [ /ads.as4x.tmcs.ticketmaster.com ]
C:\Users\Richard11\AppData\Roaming\Microsoft\Windows\Cookies\359HIWG2.txt [ /serving-sys.com ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.mlnadvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
insight.torbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pulse-analytics-beacon.reutersmedia.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
testdata.coremetrics.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.accountonline.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usta.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
insight-beacon.torbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hyatt.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dominionenterprises.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.virginamerica.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
account.samsung.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
account.samsung.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediabistro.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unrulymedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.wegmansfoods.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c5.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.accountonline.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accountonline.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.saymedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.saymedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.saymedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.saymedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.logme.in [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.logme.in [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.logme.in [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hertz.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.blau.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
va.marketer.lpsnmedia.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.redorbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.redorbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.redorbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.redorbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.redorbit.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ghmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnportal.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.etracker.de [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.verizontelecom.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cmsnewmedia.polldaddy.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cmsnewmedia.polldaddy.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cmsnewmedia.polldaddy.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
link.mercent.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tmobile.db.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usatoday1.112.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hearstdigital.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.timeinc.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.rfsoao.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww251.smartadserver.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## Mark1956 (May 7, 2011)

The temp files are not system files they are folders. Please run this tool below to make sure all your temp files are removed. Please also re-post the SAS log as it is incomplete, you have missed a section from the bottom of it.

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.


----------



## flavallee (May 12, 2002)

Mark:

I overlooked that one AdwCleaner.exe entry from the second run and have edited my last reply.

I see the third run looks okay.

--------------------------------------------------------


----------



## pook123 (Sep 21, 2007)

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Richard11
->Temp folder emptied: 42361539 bytes
->Temporary Internet Files folder emptied: 813697307 bytes
->Java cache emptied: 37937973 bytes
->Google Chrome cache emptied: 10056237 bytes
->Flash cache emptied: 96965 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2474049780 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 364642219 bytes
Process complete!

Total Files Cleaned = 3,570.00 mb


----------



## Mark1956 (May 7, 2011)

Easy to miss these things, I've done it myself. The third run is fine so no need to run it again. Just need to see the end of the SAS log, as requested, to see if it found anything other than cookies.


----------



## pook123 (Sep 21, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2013 at 06:44 AM

Application Version : 5.6.1020

Core Rules Database Version : 10660
Trace Rules Database Version: 8472

Scan type : Quick Scan
Total Scan Time : 00:03:28

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 749
Memory threats detected : 0
Registry items scanned : 61055
Registry threats detected : 0
File items scanned : 10996
File threats detected : 54

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.adformdsp.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.adformdsp.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adformdsp.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.beiersdorf.122.2o7.net [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.themarketiq.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RICHARD11\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## Mark1956 (May 7, 2011)

The second scan with SAS found quite a few more cookies and it appears to be complete. My apologies for stating the previous log was incomplete, I thought the log ended with an End of Log statement (or similar) appears that is not the case having just checked on my own system. I don't use it in Malware removal as Cookies are relatively harmless and any infections are found with other tools I use.

As you can see the TFC scan removed over 3.5GB of temp files, I would always recommend TFC for clearing temp files as it checks all the temp folders on the system which is far more efficient and quicker than doing the job manually.

How are things now with the original problem?


----------



## pook123 (Sep 21, 2007)

I was afraid of failing to solve the problem, so I have not checked until now. I went to CNET and to download some software, choosing "ccleaner" just by chance. I downloaded it and when I pressed "RUN", I got the same (or one of the same) messages:

Setup was unable to create the directory, "C:\Users\Richard11\AppData\Temp\is-ASAF0.tmp" and then "Error 5 - Access is denied".

Then, I went to the "Downloads" file, and clicked it. I got the same message.

Then, I right clicked it and clicked "Run as an Administrator" and Voila! It opened.

So, I am starting to conclude that it is something with my User/Administrator settings. This is a home computer on a network with another user here. I am an administrator (I think). Any ideas?


----------



## Mark1956 (May 7, 2011)

NOTE: If you are intending to use CCLeaner DO NOT use the registry cleaner. We see many PC's damaged by Registry Cleaner/Optimisers and the benefits they can give are far outweighed by the risks. The registry does not need to be cleaned, if there is a specific problem with it it is unlikely to be fixed with one of these tools and should be left to someone with good knowledge of the registry and not an item of third party software.

There will always be some things in the Windows 7 system that won't allow access unless you right click first and select "Run as Administrator", but temporary file creation should not be one of them. It would therefore appear that some of you default permissions have been changed. You are listed as an Administrator on this system, but that still doesn't give full permissions or access to everything, some restrictions are put in place quite simply to protect the system from accidental damage.

Run this tool below and see if it helps.

Download this and save it to the desktop: Windows Repair Use any of the orange/yellow buttons below *Installer (5.12MB)* to start the download. NOTE: DO NOT use the green buttons at the top of the page as this is dubious software that could infect your system with Adware.

Close your browser and any running programs, double click on the Tweaking icon on your desktop to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the following items only.

When done click on the *Start* button and leave it undisturbed until complete.


Reset Registry Permissions
Reset File Permissions


----------



## pook123 (Sep 21, 2007)

Mark,

We will have no internet because our power company is repairing a broken transformer near us. I don't want to attmept this, as I only have about 20 minutes until the electricity is off. I will try tonight or tomorrow. Will you be online tomorrow? Thank you for all your time and good advice. I will have email on my smartphone, as well as some internet. Thanks, and I will do what you suggested tonight probably.

Richard


----------



## Mark1956 (May 7, 2011)

No problem at all and you're welcome. Just let me know how things go when you are ready. I am on and off-line quite frequently so should pick up your replies without much delay.


----------



## pook123 (Sep 21, 2007)

Mark, I have a question before I run "Windows Repair". I have my computer on a network with my partner's computer in the same home. I give him total permissions to run my files and he gives me the same. In addition when traveling, we use logmein for remote desktop. If I reset registry permissions and file permissions, will this change all of the total permissions he has to access all of my files and visa-versa? Thanks.


----------



## pook123 (Sep 21, 2007)

Log:
Starting Repairs...
Start (8/3/2013 7:42:38 AM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (8/3/2013 7:42:38 AM)
Running Repair Under Current User Account
Done (8/3/2013 7:42:48 AM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (8/3/2013 7:42:48 AM)
Running Repair Under System Account
Done (8/3/2013 7:43:54 AM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (8/3/2013 7:43:54 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:25 AM)

Reset File Permissions 01/30
C:\32788R22FWJFW & Sub Folders
Start (8/3/2013 7:44:27 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:29 AM)

Reset File Permissions 02/30
C:\79d8967b5b6cd00bba16 & Sub Folders
Start (8/3/2013 7:44:29 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:34 AM)

Reset File Permissions 03/30
C:\Agent & Sub Folders
Start (8/3/2013 7:44:34 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:36 AM)

Reset File Permissions 04/30
C:\Archived documents & Sub Folders
Start (8/3/2013 7:44:36 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:38 AM)

Reset File Permissions 05/30
C:\c5ba5cd27d54616267bb3df176fd & Sub Folders
Start (8/3/2013 7:44:38 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:41 AM)

Reset File Permissions 06/30
C:\Config.Msi & Sub Folders
Start (8/3/2013 7:44:41 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:43 AM)

Reset File Permissions 07/30
C:\Downloads & Sub Folders
Start (8/3/2013 7:44:43 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:46 AM)

Reset File Permissions 08/30
C:\Firefox & Sub Folders
Start (8/3/2013 7:44:46 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:48 AM)

Reset File Permissions 09/30
C:\found.000 & Sub Folders
Start (8/3/2013 7:44:48 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:51 AM)

Reset File Permissions 10/30
C:\found.001 & Sub Folders
Start (8/3/2013 7:44:51 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:53 AM)

Reset File Permissions 11/30
C:\found.002 & Sub Folders
Start (8/3/2013 7:44:53 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:56 AM)

Reset File Permissions 12/30
C:\frmemz & Sub Folders
Start (8/3/2013 7:44:56 AM)
Running Repair Under System Account
Done (8/3/2013 7:44:58 AM)

Reset File Permissions 13/30
C:\From RichardU & Sub Folders
Start (8/3/2013 7:44:58 AM)
Running Repair Under System Account
Done (8/3/2013 7:45:59 AM)

Reset File Permissions 14/30
C:\Intel & Sub Folders
Start (8/3/2013 7:45:59 AM)
Running Repair Under System Account
Done (8/3/2013 7:46:01 AM)

Reset File Permissions 15/30
C:\MSOCache & Sub Folders
Start (8/3/2013 7:46:01 AM)
Running Repair Under System Account
Done (8/3/2013 7:46:03 AM)

Reset File Permissions 16/30
C:\My Music & Sub Folders
Start (8/3/2013 7:46:03 AM)
Running Repair Under System Account
Done (8/3/2013 7:46:06 AM)

Reset File Permissions 17/30
C:\Netgear & Sub Folders
Start (8/3/2013 7:46:06 AM)
Running Repair Under System Account
Done (8/3/2013 7:46:08 AM)

Reset File Permissions 18/30
C:\PerfLogs & Sub Folders
Start (8/3/2013 7:46:08 AM)
Running Repair Under System Account
Done (8/3/2013 7:46:11 AM)

Reset File Permissions 19/30
C:\Program Files & Sub Folders
Start (8/3/2013 7:46:11 AM)
Running Repair Under System Account
Done (8/3/2013 7:47:03 AM)

Reset File Permissions 20/30
C:\Program Files (x86) & Sub Folders
Start (8/3/2013 7:47:03 AM)
Running Repair Under System Account
Done (8/3/2013 7:52:34 AM)

Reset File Permissions 21/30
C:\ProgramData & Sub Folders
Start (8/3/2013 7:52:34 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:13 AM)

Reset File Permissions 22/30
C:\Qoobox & Sub Folders
Start (8/3/2013 7:53:13 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:16 AM)

Reset File Permissions 23/30
C:\RaidTool & Sub Folders
Start (8/3/2013 7:53:16 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:18 AM)

Reset File Permissions 24/30
C:\Recovery & Sub Folders
Start (8/3/2013 7:53:18 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:21 AM)

Reset File Permissions 25/30
C:\Software & Sub Folders
Start (8/3/2013 7:53:21 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:38 AM)

Reset File Permissions 26/30
C:\Temp & Sub Folders
Start (8/3/2013 7:53:38 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:40 AM)

Reset File Permissions 27/30
C:\Top 100 & Sub Folders
Start (8/3/2013 7:53:40 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:53 AM)

Reset File Permissions 28/30
C:\Upload & Sub Folders
Start (8/3/2013 7:53:53 AM)
Running Repair Under System Account
Done (8/3/2013 7:53:55 AM)

Reset File Permissions 29/30
C:\Windows & Sub Folders
Start (8/3/2013 7:53:55 AM)
Running Repair Under System Account
Done (8/3/2013 8:00:36 AM)

Reset File Permissions 30/30
C:\_AcroTemp & Sub Folders
Start (8/3/2013 8:00:36 AM)
Running Repair Under System Account
Done (8/3/2013 8:00:38 AM)

Reset File Permissions: Cleanup
& Sub Folders
Start (8/3/2013 8:00:39 AM)
Running Repair Under System Account
Done (8/3/2013 8:00:41 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (8/3/2013 8:00:41 AM)
Total Repair Time: 00:18:03


...YOU MUST RESTART YOUR SYSTEM...


----------



## Mark1956 (May 7, 2011)

In answer to your question, yes you will have to change the permissions again as the Repair tool will have set everything back to default.

Has that repair fixed the original problem?


----------



## pook123 (Sep 21, 2007)

Hi Mark, The problem I'd say is "better". Some now work, like downloading a file from Cnet - I just hit run and it runs. Also, I changed my default browser to IE7 instead of Chrome. Maybe that is part of it. Some files, though. like VLC Player in my"download" file say, "Cannot write to temp file - Make sure your temp file is valid" - "Error 5". When I hit "run". What is this ? 
However, when I right click and do "run as an administrator", it starts up. I am very confused. I guess I just have to live with the sometime running as an "administrator" or just getting the error message when I download from the web, and then having to go to the file and right click and run as administrator. What a convoluted workaround. I wish I knew what was going on. Do you have any more ideas on this? Richard


----------



## Mark1956 (May 7, 2011)

I'd just like to check something, please run this:

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please post this in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

=============================================================

And this:

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------



## pook123 (Sep 21, 2007)

Mark, I forgot to run as administrator. However, here is the log. PLease let me know if you want me to re-run it. I will be able to run the other software you mention in the next few hours.

Rkill 2.5.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/03/2013 02:18:11 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\crypserv.exe (PID: 2148) [WD-HEUR]
* C:\Users\Richard11\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (PID: 2892) [UP-HEUR]
* C:\Users\Richard11\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (PID: 3088) [UP-HEUR]
* C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PID: 4660) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Richard11\Desktop\rkill\rkill-08-03-2013-02-18-15.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com

Program finished at: 08/03/2013 02:18:57 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)


----------



## Mark1956 (May 7, 2011)

The hosts file entries indicate the use of a pirated copy of an Adobe product. I don't assist with any PC that is using pirated software so please uninstall it if it is still on your system. We will then proceed to empty the hosts file.

Please post the result of Security Check when you have the time and also run this scan and post the log.

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## pook123 (Sep 21, 2007)

Results of screen317's Security Check version 0.99.71 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 10 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.75.0.1300 
Java 7 Update 25 
Google Chrome 28.0.1500.72 
Google Chrome 28.0.1500.95 
*````````Process Check: objlist.exe by Laurent````````* 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 
*````````````````````End of Log``````````````````````*


----------



## pook123 (Sep 21, 2007)

Mark, I did not know there was pirated software on my computer. I purchased this from a "geek" friend of mine. I am hesitant to remove it at this point without talking to him. I totally understand if you cannot continue, just let me know. Thank you.

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Richard11 [Admin rights]
Mode : Scan -- Date : 08/03/2013 15:32:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DL003-9VT166 +++++
--- User ---
[MBR] 45cced1f7e28b8ef2e76931941f6a54d
[BSP] 487c3af04927c38c6aec5547da047487 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08032013_153248.txt >>


----------



## Mark1956 (May 7, 2011)

If you paid for the Adobe software and were not aware that it was pirated I would be asking for your money back as you have been conned. If I am correct it will be CS5 or some other version which usually costs several hundred pounds. The entries in the hosts file are caused by a crack that installs them to keep the software validated by blocking any connection with the companie's site.

All you need do is go into Programs and Features and uninstall it. Once you have run RogueKiller following the instructions below the software will get blocked from running.

Then please run RogueKiller again as follows:


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on *Hosts Fix* when complete.
Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.

The Security Check shows you are using IE10 and there is nothing that needs to be updated, in post 49 you said you had IE7.


----------



## pook123 (Sep 21, 2007)

Mark, when I said I paid for "this" I was referring to the computer, not the software particularly. At this point, I just don't feel comfortable continuing, and would like to talk with this person I purchased the computer from. There are other issues involved. I would like to end this thread, although I fully appreciate your concern and also fully appreciate all your help. Thank you very, very much. I believe that most of the problem I had is now gone.


----------



## Mark1956 (May 7, 2011)

I understand and you're most welcome, hope you get it all sorted out.

If you need further assistance please post back. You can mark the thread as solved from the Thread Tools tab just above the first post, but you will still be able to send new posts if you wish.


----------



## pook123 (Sep 21, 2007)

Mark, you are the best! Thanks again, Richard


----------



## Mark1956 (May 7, 2011)

:up:


----------

