Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: nathdep on March 31, 2012, 09:44:46 PM
-
Hi! For the past few days, I have been searching the net using Google and when I click on a link, it redirects me to a completely different site. I have experienced this type of malware before as I have been infected by numerous rogue antiviruses but for some reason I just got this redirect virus without the rogue antivirus. I have run many tests including the tests this site requires along with spyware s&d, tdskiller, and avg antivirus. All of these scans have yielded inconclusive results except for the SUPERAntiSpyware which picked up over 500 tracking cookies. Thanks!
Here are the logs:
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2011 12:59:55 PM
System Uptime: 3/31/2012 11:24:19 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel Pentium III Xeon processor | Socket 775 | 2527/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 281.953 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP59: 1/2/2012 11:53:12 AM - Software Distribution Service 3.0
RP60: 1/3/2012 1:32:23 PM - System Checkpoint
RP61: 1/4/2012 7:33:10 AM - Software Distribution Service 3.0
RP62: 1/5/2012 7:48:28 AM - System Checkpoint
RP63: 1/6/2012 7:21:18 AM - Software Distribution Service 3.0
RP64: 1/6/2012 8:32:08 PM - Installed Quo v2
RP65: 1/6/2012 8:36:05 PM - Removed Quo v2
RP66: 1/7/2012 9:36:57 AM - Software Distribution Service 3.0
RP67: 1/8/2012 9:39:48 AM - System Checkpoint
RP68: 1/8/2012 2:03:25 PM - Software Distribution Service 3.0
RP69: 1/9/2012 2:11:00 PM - System Checkpoint
RP70: 1/10/2012 7:20:44 AM - Software Distribution Service 3.0
RP71: 1/10/2012 10:47:28 PM - Software Distribution Service 3.0
RP72: 1/11/2012 4:17:36 PM - Software Distribution Service 3.0
RP73: 1/11/2012 10:36:47 PM - Software Distribution Service 3.0
RP74: 1/12/2012 5:28:24 PM - Software Distribution Service 3.0
RP75: 1/12/2012 10:39:15 PM - Software Distribution Service 3.0
RP76: 1/13/2012 11:12:32 PM - System Checkpoint
RP77: 1/14/2012 8:51:53 AM - Software Distribution Service 3.0
RP78: 1/15/2012 1:20:46 PM - Software Distribution Service 3.0
RP79: 1/16/2012 1:40:58 PM - System Checkpoint
RP80: 1/17/2012 7:34:40 AM - Software Distribution Service 3.0
RP81: 1/18/2012 7:42:00 AM - System Checkpoint
RP82: 1/19/2012 7:14:43 AM - Software Distribution Service 3.0
RP83: 1/20/2012 7:52:16 AM - System Checkpoint
RP84: 1/21/2012 10:06:57 AM - Software Distribution Service 3.0
RP85: 1/21/2012 4:45:46 PM - Installed AVG 2012
RP86: 1/21/2012 4:45:58 PM - Installed AVG 2012
RP87: 1/22/2012 5:40:05 PM - System Checkpoint
RP88: 1/23/2012 6:39:56 PM - System Checkpoint
RP89: 1/24/2012 6:58:25 PM - System Checkpoint
RP90: 1/25/2012 7:08:53 PM - System Checkpoint
RP91: 1/26/2012 7:25:47 PM - System Checkpoint
RP92: 1/27/2012 8:32:02 PM - System Checkpoint
RP93: 1/29/2012 9:44:07 AM - System Checkpoint
RP94: 1/30/2012 12:13:59 PM - System Checkpoint
RP95: 1/31/2012 12:18:37 PM - System Checkpoint
RP96: 2/1/2012 12:42:04 PM - System Checkpoint
RP97: 2/2/2012 1:10:52 PM - System Checkpoint
RP98: 2/3/2012 1:28:01 PM - System Checkpoint
RP99: 2/4/2012 3:14:48 PM - System Checkpoint
RP100: 2/4/2012 10:06:08 PM - Installed Windows XP Wdf01009.
RP101: 2/5/2012 10:17:23 PM - System Checkpoint
RP102: 2/6/2012 10:54:21 PM - Software Distribution Service 3.0
RP103: 2/8/2012 7:50:38 AM - System Checkpoint
RP104: 2/9/2012 8:20:07 AM - System Checkpoint
RP105: 2/10/2012 9:14:02 AM - System Checkpoint
RP106: 2/11/2012 11:51:14 AM - System Checkpoint
RP107: 2/12/2012 12:05:21 PM - System Checkpoint
RP108: 2/13/2012 12:20:05 PM - System Checkpoint
RP109: 2/14/2012 12:29:25 PM - System Checkpoint
RP110: 2/15/2012 12:45:03 PM - System Checkpoint
RP111: 2/16/2012 1:25:49 PM - System Checkpoint
RP112: 2/16/2012 4:55:26 PM - Software Distribution Service 3.0
RP113: 2/17/2012 5:10:50 PM - System Checkpoint
RP114: 2/18/2012 6:00:22 PM - System Checkpoint
RP115: 2/19/2012 6:46:50 PM - System Checkpoint
RP116: 2/20/2012 7:33:21 PM - System Checkpoint
RP117: 2/21/2012 10:15:34 PM - System Checkpoint
RP118: 2/23/2012 7:50:21 AM - System Checkpoint
RP119: 2/24/2012 8:01:09 AM - System Checkpoint
RP120: 2/25/2012 9:50:13 AM - System Checkpoint
RP121: 2/26/2012 10:10:52 AM - System Checkpoint
RP122: 2/27/2012 11:10:25 AM - System Checkpoint
RP123: 2/28/2012 11:25:05 AM - System Checkpoint
RP124: 2/29/2012 11:50:59 AM - System Checkpoint
RP125: 3/1/2012 12:00:54 PM - System Checkpoint
RP126: 3/2/2012 1:50:12 PM - System Checkpoint
RP127: 3/3/2012 2:45:32 PM - System Checkpoint
RP128: 3/4/2012 6:05:30 PM - System Checkpoint
RP129: 3/5/2012 6:14:30 PM - System Checkpoint
RP130: 3/6/2012 7:14:58 PM - System Checkpoint
RP131: 3/8/2012 7:48:05 AM - System Checkpoint
RP132: 3/9/2012 7:53:43 AM - System Checkpoint
RP133: 3/10/2012 8:45:29 AM - System Checkpoint
RP134: 3/11/2012 9:46:40 AM - System Checkpoint
RP135: 3/12/2012 10:20:04 AM - System Checkpoint
RP136: 3/13/2012 11:16:56 AM - System Checkpoint
RP137: 3/14/2012 1:21:10 PM - System Checkpoint
RP138: 3/14/2012 10:36:34 PM - Software Distribution Service 3.0
RP139: 3/16/2012 1:13:16 PM - System Checkpoint
RP140: 3/17/2012 3:31:21 PM - System Checkpoint
RP141: 3/18/2012 3:49:35 PM - System Checkpoint
RP142: 3/19/2012 3:55:38 PM - System Checkpoint
RP143: 3/20/2012 5:07:50 PM - System Checkpoint
RP144: 3/21/2012 5:13:39 PM - System Checkpoint
RP145: 3/22/2012 6:48:55 PM - System Checkpoint
RP146: 3/23/2012 7:15:19 PM - System Checkpoint
RP147: 3/24/2012 7:22:22 PM - System Checkpoint
RP148: 3/25/2012 8:17:36 PM - System Checkpoint
RP149: 3/26/2012 9:13:43 PM - System Checkpoint
RP150: 3/28/2012 7:57:48 AM - System Checkpoint
RP151: 3/29/2012 8:04:58 AM - System Checkpoint
RP152: 3/30/2012 8:10:02 AM - System Checkpoint
RP153: 3/31/2012 10:41:08 AM - System Checkpoint
RP154: 3/31/2012 8:13:15 PM - Online Armor installation
RP155: 3/31/2012 10:40:52 PM - Agnitum Outpost Firewall Restore Point: install
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
ATI Display Driver
AVG 2012
BufferChm
C6300
CCleaner
Compatibility Pack for the 2007 Office system
Destination Component
DeviceDiscovery
eReg
Google Update Helper
GPBaseService2
HFSExplorer 0.21
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ICQ7.7
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD 4
Java(TM) 6 Update 24
Java(TM) 7 Update 1
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MiKTeX 2.9
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Notepad++
OpenOffice.org 3.3
Outpost Firewall 2009
Pegasus Mail HTML Renderer 2.4.5.18
PopCap Browser Plugin
PS_AIO_04_C6300_Software_Min
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
SumatraPDF 1.9
SUPERAntiSpyware
swMSM
TeamViewer 7
TexMakerX 2.1
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
WinDjView 1.0.3
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Zuma Deluxe
ZumoCast
.
==== End Of File ===========================
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by USER at 23:35:05 on 2012-03-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2571 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Zecter\ZumoCast\bin\gst-thumbnailer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ZumoCast] c:\program files\zecter\zumocast\ZumoLauncher.lnk
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ICQ] "c:\program files\icq7.7\ICQ.exe" silent loginmode=4
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CDEF3699-E1E8-44F7-BB9E-92B773A36165} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\4mw85kbr.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\4mw85kbr.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2012-3-31 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2012-3-31 1195008]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-2-4 12184]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2012-3-31 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2012-3-31 257432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 cerc6;cerc6;
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-6 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-27 136176]
.
=============== Created Last 30 ================
.
2012-04-01 02:47:24 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
2012-04-01 02:42:40 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2012-04-01 02:42:31 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-04-01 02:40:58 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2012-04-01 02:40:48 -------- d-----w- c:\program files\Agnitum
2012-04-01 02:40:33 -------- d-----w- c:\documents and settings\all users\application data\Agnitum
2012-03-31 23:42:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-31 23:42:49 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-30 01:41:52 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-03-30 01:41:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-30 01:41:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-30 01:26:12 -------- d-----w- c:\documents and settings\user\local settings\application data\NPE
2012-03-30 01:26:12 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-03-18 02:15:03 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 02:15:03 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-13 23:03:08 -------- d-----w- c:\windows\system32\Adobe
2012-03-09 12:17:19 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2012-02-19 18:50:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 17:30:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-11 17:30:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-05 03:06:11 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 23:35:31.00 ===============
MBAM:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.31.14
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: USER-FFE079D9B5 [administrator]
3/31/2012 11:28:11 PM
mbam-log-2012-03-31 (23-28-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196672
Time elapsed: 3 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/31/2012 at 11:22 PM
Application Version : 5.0.1146
Core Rules Database Version : 8402
Trace Rules Database Version: 6214
Scan type : Complete Scan
Total Scan Time : 00:26:42
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 32842
Registry threats detected : 0
File items scanned : 115059
File threats detected : 525
Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\GI20X3F0.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\ZR6XNF8A.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\82R0RNOW.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\INGAX1X1.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\OO7YGQGN.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\D15JL7JR.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\2EDCPVIM.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\FPLDM12O.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\S19B7CW5.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\S8O08DJM.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\7FRRS35U.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\21ALXRUO.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\38LL3XNR.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\YV9B63F0.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\P6QL4PJI.txt [ Cookie:sharon [email protected]/pagead/conversion/1014196614/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\HYNN0HUB.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\G0HUIYJ1.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\DF2L2WZT.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\ZD7I2W9J.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\D03T7F2M.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\M2EDLP9B.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\QCISRKI4.txt [ Cookie:sharon [email protected]/pubs/cpa/track/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\9RRCTCXH.txt [ Cookie:sharon [email protected]/pagead/conversion/1072728000/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\2IQCZZMU.txt [ Cookie:sharon [email protected]/pagead/conversion/1063700282/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\G0CDUP7F.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\SSPKCELY.txt [ Cookie:sharon [email protected]/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\ZG23JQ3D.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\U3GGBZEP.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\06ECBMFP.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\L3G4086A.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\ZYGZN1D1.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\4ZFXOV76.txt [ Cookie:sharon [email protected]/pagead/conversion/1028081266/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\OCZ8QTO0.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\GEUEJ65T.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\JPQ3DDCX.txt [ Cookie:sharon [email protected]/ ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
media.lvrj.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.addynamix.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
tracking.waterfrontmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.c.gigcount.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
pappasgroup.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
pappasgroup.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
ox.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.symptomfind.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.symptomfind.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.symptomfind.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
pluckit.demandmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.equifaxps.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.experianservicescorp.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.sexyforever.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.sexyforever.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.sexyforever.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.sexyforever.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.superpages.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.sportingnews.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.gntbcstglobal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.warnerbros.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.bizrate.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.bizrate.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.*censored*.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
d.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.clickbooth.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.peoplefinders.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.peoplefinders.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.peoplefinders.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
ads.saymedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.marscorporation.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.game-advertising-online.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bonton.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bonniercorp.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.valspar.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interchangecorporation.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.webservices.evolvemediacorp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.webservices.evolvemediacorp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
cdn.uc.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.microsoftwlsearchcrm.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.cbcnewmedia.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.medhelpinternational.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.americancancersocietyinc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.citygridmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
*****************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Thanks for replying!
I want to let you know that I had to run Combofix twice as it froze in the middle of the first attempt. I think this is due to the fact that I only disabled AVG's Resident Shield and not the whole antivirus.
Also, I wanted to mention in the first post that I had a suspicious Windows Messenger icon in my toolbar that has since disappeared after running Combofix.
Here are the logs:
Combofix:
ComboFix 12-04-01.01 - USER 04/01/2012 15:06:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2580 [GMT -4:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\SET114.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET169.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 02:47 . 2012-04-01 02:47 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Google
2012-04-01 02:42 . 2012-04-01 02:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-01 02:42 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2012-04-01 02:42 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-04-01 02:40 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2012-04-01 02:40 . 2012-04-01 02:40 -------- d-----w- c:\program files\Agnitum
2012-04-01 02:40 . 2012-04-01 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2012-03-31 23:42 . 2012-04-01 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-31 23:42 . 2012-04-01 00:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-30 01:41 . 2012-03-30 01:41 -------- d-----w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2012-03-30 01:41 . 2012-03-30 01:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-30 01:41 . 2012-03-30 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-30 01:26 . 2012-03-30 01:37 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\NPE
2012-03-30 01:26 . 2012-03-30 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-28 01:52 . 2012-03-28 01:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-03-28 01:47 . 2012-03-28 01:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-03-28 01:47 . 2012-03-29 15:12 -------- d-----w- c:\documents and settings\Sharon DePuy\Local Settings\Application Data\Google
2012-03-28 01:46 . 2012-04-01 03:24 -------- d-----w- c:\program files\Google
2012-03-18 02:15 . 2012-03-18 02:15 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 02:15 . 2012-03-18 02:15 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 23:03 . 2012-03-13 23:09 -------- d-----w- c:\windows\system32\Adobe
2012-03-09 12:17 . 2012-03-09 12:17 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 18:50 . 2011-12-07 02:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 17:30 . 2008-10-17 00:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-11 17:30 . 2008-10-17 00:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-05 03:06 . 2012-02-05 03:06 53248 ----a-r- c:\documents and settings\USER\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-05 03:06 . 2012-02-05 03:06 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-03 09:22 . 2008-04-13 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 15:43 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-12-05 17:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 02:15 . 2011-12-28 22:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoCast"="c:\program files\Zecter\ZumoCast\ZumoLauncher.lnk" [2011-12-08 1625]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-11 296056]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Zecter\\ZumoCast\\zumocast.exe"=
"c:\\Program Files\\Zecter\\ZumoCast\\bin\\gst-thumbnailer.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [3/31/2012 10:42 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [3/31/2012 10:40 PM 1195008]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2/4/2012 11:05 PM 12184]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [3/31/2012 10:40 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [3/31/2012 10:42 PM 257432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 7:21 AM 16720]
S0 cerc6;cerc6;
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2012 9:47 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/6/2011 11:06 PM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2012 9:47 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 01:47]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 01:47]
.
2012-04-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1060284298-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-04-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1060284298-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-03-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1060284298-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-02-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1060284298-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\4mw85kbr.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-ICQ - c:\program files\ICQ7.7\ICQ.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 15:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Zecter\ZumoCast\ZumoCast.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Zecter\ZumoCast\bin\gst-thumbnailer.exe
.
**************************************************************************
.
Completion time: 2012-04-01 15:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 19:14
.
Pre-Run: 302,744,121,344 bytes free
Post-Run: 302,636,691,456 bytes free
.
- - End Of File - - 77283E873A8AC9E3B9C680D20310262B
aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 14:32:27
-----------------------------
14:32:27.593 OS Version: Windows 5.1.2600 Service Pack 3
14:32:27.593 Number of processors: 2 586 0x1706
14:32:27.593 ComputerName: USER-FFE079D9B5 UserName: USER
14:32:29.453 Initialize success
14:33:20.875 AVAST engine defs: 12040101
14:33:53.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:33:53.484 Disk 0 Vendor: WDC_WD3200AAKS-75B3A0 01.03A01 Size: 305245MB BusType: 3
14:33:53.515 Disk 0 MBR read successfully
14:33:53.515 Disk 0 MBR scan
14:33:53.531 Disk 0 Windows XP default MBR code
14:33:53.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
14:33:53.531 Disk 0 scanning sectors +625121280
14:33:53.609 Disk 0 scanning C:\WINDOWS\system32\drivers
14:33:59.984 Service scanning
14:34:10.890 Modules scanning
14:34:14.531 Disk 0 trace - called modules:
14:34:14.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:34:14.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6acab8]
14:34:14.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a6fecd8]
14:34:14.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6aed98]
14:34:15.562 AVAST engine scan C:\WINDOWS
14:34:19.375 AVAST engine scan C:\WINDOWS\system32
14:35:53.359 AVAST engine scan C:\WINDOWS\system32\drivers
14:36:07.937 AVAST engine scan C:\Documents and Settings\USER
14:38:13.031 AVAST engine scan C:\Documents and Settings\All Users
14:39:18.156 Scan finished successfully
14:39:53.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\Desktop\Logs for 331\MBR.dat"
14:39:53.437 The log file has been saved successfully to "C:\Documents and Settings\USER\Desktop\Logs for 331\aswMBR.txt"
-
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Here is the log. I let the program run and it freezes after scanning the root drive. Hope this gives you what you need. Thanks again!
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: BA108000
Module End: BA117000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ABED6000
Module End: ABEEE000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5F2000
Module End: BA5F4000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: BA490000
Module End: BA498000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BA65A000
Module End: BA65C000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: AC1E1A60
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwClose
Address: AC1C6BF0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwConnectPort
Address: AC1E3920
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateFile
Address: AC1C2F60
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateKey
Address: AC1CE090
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcess
Address: AC1DA2B0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcessEx
Address: AC1DABB0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSection
Address: AC1C1D10
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSymbolicLinkObject
Address: AC1CDE40
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateThread
Address: AC1D8D70
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDebugActiveProcess
Address: AC1E6F30
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteFile
Address: AC1CCB20
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteKey
Address: AC1CF900
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteValueKey
Address: AC1D63A0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwLoadDriver
Address: AC1D7BB0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwMakeTemporaryObject
Address: AC1CD6B0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenFile
Address: AC1C5C10
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenKey
Address: AC1CEFC0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenProcess
Address: A9811F3C
Driver Base: A9811000
Driver End: A9814000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwOpenSection
Address: AC1C2580
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenThread
Address: AC1DC060
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwProtectVirtualMemory
Address: AC1E2DA0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryDirectoryFile
Address: AC1C78A0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryKey
Address: AC1D1750
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryValueKey
Address: AC1D1FA0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueueApcThread
Address: AC1E0ED0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRenameKey
Address: AC1D5590
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwReplaceKey
Address: AC1D3500
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestPort
Address: AC1E5A50
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestWaitReplyPort
Address: AC1E5D70
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRestoreKey
Address: AC1D4D20
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKey
Address: AC1D3C80
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKeyEx
Address: AC1D44D0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSecureConnectPort
Address: AC1E4480
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetContextThread
Address: AC1E0440
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationDebugObject
Address: AC1E7520
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationFile
Address: AC1C8BF0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetSystemInformation
Address: AC1D71C0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetValueKey
Address: AC1D2820
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendProcess
Address: AC1DF190
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendThread
Address: AC1DFAC0
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSystemDebugControl
Address: AC1E6770
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwTerminateProcess
Address: A9811FE4
Driver Base: A9811000
Driver End: A9814000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwTerminateThread
Address: A9812080
Driver Base: A9811000
Driver End: A9814000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwUnloadDriver
Address: AC1D8530
Driver Base: AC1C1000
Driver End: AC26C000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwWriteVirtualMemory
Address: A981211C
Driver Base: A9811000
Driver End: A9814000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Ok. Here is the log:
C:\Documents and Settings\Sharon DePuy\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\1fa06fc1-7701f221 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Sharon DePuy\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\dcfd067-559908eb a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\ec625cb-6cf626c1 multiple threats deleted - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-1bdaf3d3 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
Edit:
Here is the log found in the ESET folder:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=112392e5a250584cbd9671d5b3886778
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 10:00:00
# local_time=2012-04-02 06:00:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 6136257 6136257 0 0
# compatibility_mode=6912 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=70914
# found=4
# cleaned=4
# scan_time=2596
C:\Documents and Settings\Sharon DePuy\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\1fa06fc1-7701f221 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Sharon DePuy\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\dcfd067-559908eb a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\USER\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\ec625cb-6cf626c1 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\USER\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-1bdaf3d3 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
-
That looks good. Any other issues before we cleanup?
-
Unfortunately, I used the computer this internet this morning and when I clicked on a link in google, it redirected me again. Could there be something else wrong?
Thanks!
-
Please update and run SAS and MBAM again and post the logs.
-
Ok. Here are the logs:
MBAM:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.04.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: USER-FFE079D9B5 [administrator]
4/4/2012 4:49:38 PM
mbam-log-2012-04-04 (16-49-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198923
Time elapsed: 3 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2012 at 04:46 PM
Application Version : 5.0.1146
Core Rules Database Version : 8417
Trace Rules Database Version: 6229
Scan type : Complete Scan
Total Scan Time : 00:36:04
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 627
Memory threats detected : 0
Registry items scanned : 34492
Registry threats detected : 0
File items scanned : 124810
File threats detected : 295
Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\3EWNDZ1B.txt [ /eset.122.2o7.net ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\JXI3ZIU9.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\IWXFQ6R3.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\QJMVVMI2.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\BD23OW47.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\AUV66RXV.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\L0NR8QUQ.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\69NXDGBT.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\RJQB1LTB.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\SJRPHOUZ.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\OYLA5NX3.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\PSB7ZV63.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\TVQDDJ5H.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\WJRJ4QBY.txt [ Cookie:sharon [email protected]/adserving ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\PH2GKAIH.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\6YJQY983.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\IKH8Y5EU.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\Z8AFT16D.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\6AEXIXJB.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\RAMS3O9R.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\UV6VXJO4.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\R9SHQG9O.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\7QZF9KY3.txt [ Cookie:sharon [email protected]/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\3FCDNJRG.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\V1GHF4AQ.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\C51AF5LP.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\R1SNBZBV.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\WNT2P3XR.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\9XFTY2UM.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\1JXQEU6H.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\ZL6R2KOU.txt [ Cookie:sharon [email protected]/ ]
C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\Cookies\JSGOCFOP.txt [ Cookie:sharon [email protected]/ ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UPG5FZ4 ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.stats.ilivid.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
click.get-answers-fast.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
tracking.waterfrontmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.bizzclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.waterfrontmedia.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\SHARON DEPUY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DF958GAG.DEFAULT\COOKIES.SQLITE ]
media.npr.org [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5XKLXHNG ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5XKLXHNG ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.eset.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
click.get-answers-fast.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.oracle.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
srv.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
srv.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
srv.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.kaspersky.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
click.findsearchengineresults.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4MW85KBR.DEFAULT\COOKIES.SQLITE ]
-
when I clicked on a link in google, it redirected me again.
Does it always re-direct you to the same site or is it different every time?
-
Yes. It's:
http://click.findsearchengineresults.com/ads-clicktrack/click/jump1.do?sid=VTGWKiMCfjz%2Bb66zrI8aJS6aP1XPgHlLLCHhRe8qw7g%3D&affiliate=46938&subid=97510&rc=0&terms=manual%20superantispyware%20update
This link redirected me only about 6-7 hours ago. Also, in order to stop the redirecting, you have to click on the search link three separate times to gain access to the site you originally wanted.
Do you have any suggestions?
EDIT:
I just tried searching something on google and this is where it directed me to after clicking on a link that is supposed to lead to the Washington Post:
http://www.happili.com/bc_rus3/innerxy.php?q=happens%20during%20sneeze&xy=10539
Thanks again!
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************************
I believe you're using Internet Explorer. Does that happen when you do a Bing search?
-
My java is up to date and I use Firefox. The same exact thing does happen with bing search.
Also, I ran JavaRa before my first post and checked to see if it was updated and it was.
-
I'm stumped. I'm going to check with a colleague about this problem.
-
Ok. Thank you.
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- Lst Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post.
-
MiniToolBox by Farbar Version: 18-01-2012
Ran by USER (administrator) on 07-04-2012 at 20:27:20
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Intel(R) 82562V-2 10/100 Network Connection = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : user-ffe079d9b5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-0B-BC-88
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Saturday, April 07, 2012 8:27:13 PM
Lease Expires . . . . . . . . . . : Sunday, April 08, 2012 8:27:13 PM
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.226.196, 74.125.226.197, 74.125.226.198, 74.125.226.199
74.125.226.200, 74.125.226.201, 74.125.226.206, 74.125.226.192, 74.125.226.193
74.125.226.194, 74.125.226.195
Pinging google.com [74.125.226.231] with 32 bytes of data:
Reply from 74.125.226.231: bytes=32 time=34ms TTL=53
Reply from 74.125.226.231: bytes=32 time=33ms TTL=53
Ping statistics for 74.125.226.231:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 34ms, Average = 33ms
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=76ms TTL=50
Reply from 209.191.122.70: bytes=32 time=75ms TTL=50
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 76ms, Average = 75ms
Server: UnKnown
Address: 192.168.1.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 9b 0b bc 88 ...... Intel(R) 82562V-2 10/100 Network Connection - Agnitum firewall miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (04/04/2012 04:28:33 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1413921487.
Error: (04/04/2012 04:28:31 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (04/03/2012 06:33:04 PM) (Source: Application Error) (User: )
Description: Fault bucket -1391902482.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (04/03/2012 06:33:01 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.2.202.228, faulting module FlashPlayerUpdateService.exe, version 11.2.202.228, fault address 0x0000abd8.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]
Error: (04/01/2012 09:00:55 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1217514343.
Error: (04/01/2012 09:00:52 PM) (Source: Application Hang) (User: )
Description: Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (04/01/2012 08:59:56 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1217514343.
Error: (04/01/2012 08:59:53 PM) (Source: Application Hang) (User: )
Description: Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/31/2012 08:14:17 PM) (Source: Application Error) (User: )
Description: Faulting application oasrv.exe, version 5.5.0.1557, faulting module oasrv.exe, version 5.5.0.1557, fault address 0x00004a6f.
Processing media-specific event for [oasrv.exe!ws!]
Error: (03/21/2012 11:36:57 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (04/07/2012 08:27:08 AM) (Source: Dhcp) (User: )
Description: The IP address lease 0.0.0.0 for the Network Card with network address 00219B0BBC88 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (04/07/2012 08:27:05 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00219B0BBC88 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (04/01/2012 03:01:13 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (04/04/2012 04:28:33 PM) (Source: Application Hang)(User: )
Description: -1413921487
Error: (04/04/2012 04:28:31 PM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454hungapp0.0.0.0000 00000
Error: (04/03/2012 06:33:04 PM) (Source: Application Error)(User: )
Description: -1391902482
Error: (04/03/2012 06:33:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.2.202.22 8FlashPlayerUpdateService.exe11.2.202.2 280000abd8
Error: (04/01/2012 09:00:55 PM) (Source: Application Hang)(User: )
Description: 1217514343
Error: (04/01/2012 09:00:52 PM) (Source: Application Hang)(User: )
Description: SysProt.exe1.0.1.0hungapp0.0.0.00000000 0
Error: (04/01/2012 08:59:56 PM) (Source: Application Hang)(User: )
Description: 1217514343
Error: (04/01/2012 08:59:53 PM) (Source: Application Hang)(User: )
Description: SysProt.exe1.0.1.0hungapp0.0.0.00000000 0
Error: (03/31/2012 08:14:17 PM) (Source: Application Error)(User: )
Description: oasrv.exe5.5.0.1557oasrv.exe5.5.0.15570 0004a6f
Error: (03/21/2012 11:36:57 AM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454hungapp0.0.0.0000 00000
========================= Memory info: ===================================
Percentage of memory in use: 24%
Total physical RAM: 3326.1 MB
Available physical RAM: 2521.16 MB
Total Pagefile: 5210.32 MB
Available Pagefile: 4515.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.96 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:298.08 GB) (Free:280.93 GB) NTFS
========================= Users: ========================================
User accounts for \\USER-FFE079D9B5
Administrator Guest HelpAssistant
Sharon DePuy SUPPORT_388945a0 USER
**** End of log ****
-
Comments removed.