1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need for Speed

Discussion in 'Virus & Other Malware Removal' started by Keith Hartsell, Jan 8, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    I have an Inspiron 1501 with Windows XP. I want to clean up my laptop and get rid of any software I don't need. I only use it for emailing, internet, documents, watching netflix instantly and storing a handful of photos. Any help for cleaning up and speeding up my laptop?
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Please click HERE to download and install HijackThis.

    Run it and select Do a system scan and save a logfile from the Main Menu.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    IMPORTANT: Do not fix anything
     
  3. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:11:41 PM, on 1/8/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: InstallerJava - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://secure2.edward.org/+CSCOL+/relayp.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205290931001
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205291768640
    O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7516 bytes
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    You don't have that much running on the computer.

    How much RAM is on the computer?
     
  5. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    448 MB or RAM, should I increase this? I can upgrade from 2 GB with 667 Mhz speed to 4 GB with 800 Mhz.
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Just noticed your computer is infected. Sorry.

    Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Yes, you should add more RAM. You should have at least 1 GB.
     
  8. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    Here is DDX text:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Keith at 15:48:16.37 on Sat 01/08/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.136 [GMT -6:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Keith\Application Data\U3\00019B7143702C8C\LaunchPad.exe
    C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\VI1659EP\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [x3watch] c:\program files\x3watch\x3watch.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\keith\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: InstallerJava - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://secure2.edward.org/+CSCOL+/relayp.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205290931001
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205291768640
    DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\keith\applic~1\mozilla\firefox\profiles\4hzq4b4e.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/a/churchrez.org/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fchurchrez.org%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2#inbox|http://www.synergyvacation.com/|http://www.synergyhospitality.com/our_team.php
    FF - plugin: c:\documents and settings\keith\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-2 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-2 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-2 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-2 56816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

    =============== Created Last 30 ================

    2011-01-08 21:35:02 0 ----a-w- C:\LOG5B.tmp
    2011-01-08 21:11:05 -------- d-----w- c:\program files\Trend Micro
    2010-12-15 00:58:02 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 21:54:35 0 ----a-w- C:\LOG4E.tmp
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2009-07-02 22:36:13 2033448 ----a-w- c:\program files\SkypeSetup.exe
    2009-03-05 23:37:18 835107 -c--a-w- c:\program files\setup.exe

    ============= FINISH: 15:50:24.87 ===============


    The Attach File is attached.

    Here is the Ark.Txt

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-08 16:03:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM060HI rev.YD100-15
    Running: qz3ts6xr[1].exe; Driver: C:\DOCUME~1\Keith\LOCALS~1\Temp\fgtyapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7D1EED6 ZwCreateKey
    SSDT F7D1EECC ZwCreateThread
    SSDT F7D1EEDB ZwDeleteKey
    SSDT F7D1EEE5 ZwDeleteValueKey
    SSDT F7D1EEEA ZwLoadKey
    SSDT F7D1EEB8 ZwOpenProcess
    SSDT F7D1EEBD ZwOpenThread
    SSDT F7D1EEF4 ZwReplaceKey
    SSDT F7D1EEEF ZwRestoreKey
    SSDT F7D1EEE0 ZwSetValueKey
    SSDT F7D1EEC7 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 250C 80501D44 4 Bytes JMP 74F7D1EE
    ? C:\DOCUME~1\Keith\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2924] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session [email protected] ???0?"??? ???????0???????????????????????????????f??SanDisk U3 Cruzer Micro USB Device?tro???0???Q?Q?Q???>?>?>?>?>???0??????????????? x??????+?????????????*??$???????????????????0??s??? ???????0?????0???????*??*??????????????????7??fdc?????? ???????0??????????????????????L?????????????sion??? ???????%?????0?????0????"?????????????7s???????0???V??????so??\\?\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}\SAD7?o??? ???????0??????????????????????L?????????????sogr??{17CCA71B-ECD7-11D0-B908-00A0C9223196}????"??0???s??????su??USB Audio Device?l??? ???????%?????0?????0????"??????????????????????0???i??????ck??SamSs??t?????>?>?>?>?????????????:??????????il??Canon Digital Camera????????-9??????? ???????0??????????? ?*??????*?????????????????????? x??????0?????????????*?????????????????????????????0???>?>?>?>?>??? ???????>???????????/???????????????????0??\\?\USB#Vid_05ac&Pid_1281#CPID:8900_CPRV:30_CPFM:03_SCEP:05_BDID:04_ECID:000003CE7C1C832D_I

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Hiya :)

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

    eddie
     
  10. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    Eddie,

    Thanks so much my friend. Here are the reports:

    SuperAntiSpyware Log:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/10/2011 at 11:38 PM

    Application Version : 4.47.1000

    Core Rules Database Version : 6172
    Trace Rules Database Version: 3984

    Scan type : Complete Scan
    Total Scan Time : 01:00:19

    Memory items scanned : 453
    Memory threats detected : 0
    Registry items scanned : 5720
    Registry threats detected : 0
    File items scanned : 45461
    File threats detected : 554

    Adware.Tracking Cookie
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][4].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][3].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][5].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][3].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][6].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][1].txt
    C:\Documents and Settings\Keith\Cookies\[email protected][2].txt
    stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .andomedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .marthastewart.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .s.clickability.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .s.clickability.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .bluestreak.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    stat.onestat.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    statse.webtrendslive.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adlegend.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trvlnet.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .highbeam.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .dailyheraldpaddockpublication.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .chicagosuntimes.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .chitika.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .associatedcontent.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ticketsnow.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .dmtracker.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    data.coremetrics.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    dc.tremormedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .stardoll.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .videoegg.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .condenast.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .eyewonder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .snapfish.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .popcapgames.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .googleads.g.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ads.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .pro-market.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .metacafe.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.countrystorecatalog.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .andomedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .socialmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .marketlive.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    adtracker.americantowns.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .perf.overture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.accessdiscounts.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .paypal.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .stats.paypal.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adecn.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    d.mediadakine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .mediadakine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media.causes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    tracking.etapestry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    tracking.etapestry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .track.tester-rewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .bizrate.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .banner.adchemy.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .babynamescountry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .babynamescountry.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .seventeen.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ads.gamesbannernet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .walmart.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revenue.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    bridge2.admarketplace.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .admarketplace.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    stat.dealtime.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lockedonmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    counter.hitslink.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .e-2dj6wgkiglc5mko.stats.esomniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .dealtime.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tracking.realtor.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .homestore.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adxpose.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ad.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .googleads.g.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .track.claimfreerewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .cratebarrel.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .network.realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .countrygardencuisine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .countrygardencuisine.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver1.christianitytoday.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .homefinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .homefinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .cvhs.adbureau.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    citi.bridgetrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    adserver.lat49.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .roiservice.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .smartdestinations.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .evite.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .www.ezytrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .www.ezytrack.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    counter.surfcounters.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .prnewswire.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .publicstorage.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ad.doubleclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.burstbeacon.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .burstbeacon.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .telefloracom.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .timeinc.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .find.myrecipes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .find.myrecipes.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .nextag.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    crosscountryfurniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .amazonmerchants.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .discounts.common-deals.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .e-2dj6wgkokpcjgbp.stats.esomniture.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .healthgrades.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .answerstv.112.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tracking.foxnews.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .tracking.foxnews.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .track.internetpromorewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .track.internetpromorewards.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .1800gotjunk.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .petfinder.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .eporia.122.2o7.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\cookies.sqlite ]

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:20 AM, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: InstallerJava - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://secure2.edward.org/+CSCOL+/relayp.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205290931001
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205291768640
    O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7675 bytes
     
  11. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    MBAM Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5501

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/10/2011 9:34:36 PM
    mbam-log-2011-01-10 (21-34-36).txt

    Scan type: Quick scan
    Objects scanned: 135394
    Time elapsed: 13 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST.EXE (Trojan.Agent) -> Value: SVCHOST.EXE -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Okay, lets do this now :)

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  13. Keith Hartsell

    Keith Hartsell Thread Starter

    Joined:
    May 25, 2006
    Messages:
    19
    Eddie,

    Thanks so much for you continual help. Here is the Combo txt log:

    ComboFix 11-01-14.01 - Keith 01/14/2011 13:06:50.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.254 [GMT -6:00]
    Running from: c:\documents and settings\Keith\Desktop\username123.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Keith\g2mdlhlpx.exe
    c:\documents and settings\Keith\GoToAssistDownloadHelper.exe
    c:\documents and settings\Keith\Recent\Thumbs.db
    c:\program files\\setup.exe
    c:\program files\Setup.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
    .

    2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
    2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-01-11 04:31 . 2011-01-11 04:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-11 02:36 . 2011-01-11 02:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
    2011-01-11 02:36 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-11 02:35 . 2011-01-11 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-11 02:35 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-11 02:35 . 2011-01-11 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2008-03-12 03:09 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2002-09-03 19:50 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2002-09-03 19:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2002-09-03 19:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2002-09-03 19:48 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2002-09-03 19:33 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2002-09-03 20:03 1853312 ----a-w- c:\windows\system32\win32k.sys
    2009-07-02 22:36 . 2009-07-02 22:36 2033448 ----a-w- c:\program files\SkypeSetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-17 1392640]
    "x3watch"="c:\program files\X3watch\x3watch.exe" [2008-06-01 299008]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-25 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

    c:\documents and settings\Keith\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/2/2009 11:40 AM 108289]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 9:05 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:05]

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:05]

    2011-01-14 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: InstallerJava - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instjava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://secure2.edward.org/+CSCOL+/relayp.cab
    DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure2.edward.org/CACHE/sdesktop/install/binaries/instweb.cab
    FF - ProfilePath - c:\documents and settings\Keith\Application Data\Mozilla\Firefox\Profiles\4hzq4b4e.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/a/churchrez.org/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fchurchrez.org%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2#inbox|http://www.synergyvacation.com/|http://www.synergyhospitality.com/our_team.php
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    Notify-AtiExtEvent - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-14 13:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
    "DisplayName"="???\16?\11\09"
    "DeviceDesc"="???\16?\11\09"
    "ProviderName"="???\11?\16?\11??"
    "MFG"="???????"
    "ReinstallString"=".10.1000.8"
    "DeviceInstanceIds"=multi:"c:\\dell\\drivers\\r174511\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2011-01-14 13:15:54
    ComboFix-quarantined-files.txt 2011-01-14 19:15

    Pre-Run: 49,229,856,768 bytes free
    Post-Run: 49,204,912,128 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 1B8DE20E16939BD625074FE6FA7335A3
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Hmmm, lets have a look at one of those entries deeper:


    Download LockSearch to your desktop
    • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
    • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

    eddie
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Hiya

    Replying just to let you know I have to be away from home for a week. This wasn't planned, hence the late warning.

    I'll be able to look at this thread at lunchtimes, but I've asked some others to take a look at the thread, whilst I'm away.

    Hope you understand, and see you in a week :)

    eddie
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/973455

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice