Need for Speed

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
I have an Inspiron 1501 with Windows XP. I want to clean up my laptop and get rid of any software I don't need. I only use it for emailing, internet, documents, watching netflix instantly and storing a handful of photos. Any help for cleaning up and speeding up my laptop?
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next post.

IMPORTANT: Do not fix anything
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:41 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: InstallerJava - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://secure2.edward.org/+CSCOL+/relayp.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205290931001
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205291768640
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7516 bytes
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
You don't have that much running on the computer.

How much RAM is on the computer?
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
448 MB or RAM, should I increase this? I can upgrade from 2 GB with 667 Mhz speed to 4 GB with 800 Mhz.
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Just noticed your computer is infected. Sorry.

Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
Here is DDX text:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Keith at 15:48:16.37 on Sat 01/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.136 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith\Application Data\U3\00019B7143702C8C\LaunchPad.exe
C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\VI1659EP\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\keith\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: InstallerJava - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://secure2.edward.org/+CSCOL+/relayp.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205290931001
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205291768640
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\keith\applic~1\mozilla\firefox\profiles\4hzq4b4e.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/a/churchrez.org/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fchurchrez.org%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2#inbox|http://www.synergyvacation.com/|http://www.synergyhospitality.com/our_team.php
FF - plugin: c:\documents and settings\keith\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-2 56816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

=============== Created Last 30 ================

2011-01-08 21:35:02 0 ----a-w- C:\LOG5B.tmp
2011-01-08 21:11:05 -------- d-----w- c:\program files\Trend Micro
2010-12-15 00:58:02 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:54:35 0 ----a-w- C:\LOG4E.tmp
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-07-02 22:36:13 2033448 ----a-w- c:\program files\SkypeSetup.exe
2009-03-05 23:37:18 835107 -c--a-w- c:\program files\setup.exe

============= FINISH: 15:50:24.87 ===============


The Attach File is attached.

Here is the Ark.Txt

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-08 16:03:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM060HI rev.YD100-15
Running: qz3ts6xr[1].exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\fgtyapob.sys


---- System - GMER 1.0.15 ----

SSDT F7D1EED6 ZwCreateKey
SSDT F7D1EECC ZwCreateThread
SSDT F7D1EEDB ZwDeleteKey
SSDT F7D1EEE5 ZwDeleteValueKey
SSDT F7D1EEEA ZwLoadKey
SSDT F7D1EEB8 ZwOpenProcess
SSDT F7D1EEBD ZwOpenThread
SSDT F7D1EEF4 ZwReplaceKey
SSDT F7D1EEEF ZwRestoreKey
SSDT F7D1EEE0 ZwSetValueKey
SSDT F7D1EEC7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes JMP 74F7D1EE
? C:\DOCUME~1\Keith\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2924] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session [email protected] ???0?"??? ???????0???????????????????????????????f??SanDisk U3 Cruzer Micro USB Device?tro???0???Q?Q?Q???>?>?>?>?>???0??????????????? x??????+?????????????*??$???????????????????0??s??? ???????0?????0???????*??*??????????????????7??fdc?????? ???????0??????????????????????L?????????????sion??? ???????%?????0?????0????"?????????????7s???????0???V??????so??\\?\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}\SAD7?o??? ???????0??????????????????????L?????????????sogr??{17CCA71B-ECD7-11D0-B908-00A0C9223196}????"??0???s??????su??USB Audio Device?l??? ???????%?????0?????0????"??????????????????????0???i??????ck??SamSs??t?????>?>?>?>?????????????:??????????il??Canon Digital Camera????????-9??????? ???????0??????????? ?*??????*?????????????????????? x??????0?????????????*?????????????????????????????0???>?>?>?>?>??? ???????>???????????/???????????????????0??\\?\USB#Vid_05ac&Pid_1281#CPID:8900_CPRV:30_CPFM:03_SCEP:05_BDID:04_ECID:000003CE7C1C832D_I

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,282
Hiya :)

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

eddie
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
Eddie,

Thanks so much my friend. Here are the reports:

SuperAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/10/2011 at 11:38 PM

Application Version : 4.47.1000

Core Rules Database Version : 6172
Trace Rules Database Version: 3984

Scan type : Complete Scan
Total Scan Time : 01:00:19

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 5720
Registry threats detected : 0
File items scanned : 45461
File threats detected : 554

Adware.Tracking Cookie
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][4].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\keit[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][3].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][5].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][3].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][6].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.marthastewart.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.bluestreak.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.highbeam.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.dailyheraldpaddockpublication.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.chicagosuntimes.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.associatedcontent.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ticketsnow.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adtech.de [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
data.coremetrics.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.stardoll.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.condenast.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.snapfish.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.popcapgames.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.googleads.g.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.metacafe.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.countrystorecatalog.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.socialmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.marketlive.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
adtracker.americantowns.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.perf.overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.stats.paypal.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
d.mediadakine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.mediadakine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media.causes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
tracking.etapestry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
tracking.etapestry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.track.tester-rewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.bizrate.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.banner.adchemy.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.babynamescountry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.babynamescountry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.seventeen.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.walmart.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revenue.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
stat.dealtime.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lockedonmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
counter.hitslink.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.e-2dj6wgkiglc5mko.stats.esomniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.dealtime.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tracking.realtor.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.homestore.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ad.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.googleads.g.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.track.claimfreerewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.cratebarrel.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.network.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.countrygardencuisine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.countrygardencuisine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.homefinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.homefinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
adserver.lat49.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.smartdestinations.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.evite.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.www.ezytrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.www.ezytrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
counter.surfcounters.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.prnewswire.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.publicstorage.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ad.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.telefloracom.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.timeinc.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.find.myrecipes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.find.myrecipes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
crosscountryfurniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.amazonmerchants.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.discounts.common-deals.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.e-2dj6wgkokpcjgbp.stats.esomniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.healthgrades.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.answerstv.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tracking.foxnews.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.tracking.foxnews.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.track.internetpromorewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.track.internetpromorewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.1800gotjunk.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.eporia.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:20 AM, on 1/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: InstallerJava - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://secure2.edward.org/+CSCOL+/relayp.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205290931001
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205291768640
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7675 bytes
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5501

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/10/2011 9:34:36 PM
mbam-log-2011-01-10 (21-34-36).txt

Scan type: Quick scan
Objects scanned: 135394
Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST.EXE (Trojan.Agent) -> Value: SVCHOST.EXE -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,282
Okay, lets do this now :)

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
 

Keith Hartsell

Thread Starter
Joined
May 25, 2006
Messages
19
Eddie,

Thanks so much for you continual help. Here is the Combo txt log:

ComboFix 11-01-14.01 - Keith 01/14/2011 13:06:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.254 [GMT -6:00]
Running from: c:\documents and settings\Keith\Desktop\username123.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keith\g2mdlhlpx.exe
c:\documents and settings\Keith\GoToAssistDownloadHelper.exe
c:\documents and settings\Keith\Recent\Thumbs.db
c:\program files\\setup.exe
c:\program files\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 02:36 . 2011-01-11 02:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2011-01-11 02:36 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 02:35 . 2011-01-11 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-11 02:35 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 02:35 . 2011-01-11 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-03-12 03:09 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2002-09-03 19:50 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-09-03 19:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-09-03 19:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-09-03 19:48 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-09-03 19:33 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-09-03 20:03 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-07-02 22:36 . 2009-07-02 22:36 2033448 ----a-w- c:\program files\SkypeSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-17 1392640]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2008-06-01 299008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-25 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

c:\documents and settings\Keith\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/2/2009 11:40 AM 108289]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 9:05 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:05]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:05]

2011-01-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: InstallerJava - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://secure2.edward.org/+CSCOL+/relayp.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\documents and settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/a/churchrez.org/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fchurchrez.org%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2#inbox|http://www.synergyvacation.com/|http://www.synergyhospitality.com/our_team.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
Notify-AtiExtEvent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 13:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"c:\\dell\\drivers\\r174511\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-01-14 13:15:54
ComboFix-quarantined-files.txt 2011-01-14 19:15

Pre-Run: 49,229,856,768 bytes free
Post-Run: 49,204,912,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1B8DE20E16939BD625074FE6FA7335A3
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,282
Hmmm, lets have a look at one of those entries deeper:


Download LockSearch to your desktop
  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,282
Hiya

Replying just to let you know I have to be away from home for a week. This wasn't planned, hence the late warning.

I'll be able to look at this thread at lunchtimes, but I've asked some others to take a look at the thread, whilst I'm away.

Hope you understand, and see you in a week :)

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top