Fake Malware Scanner Virus...Please Help!

lack_of_boarding · Jul 27, 2010

Hello all,
I have contracted a virus. I'm getting phony virus scanners popping up when booting up. I am also seeing some pop ups in firefox. I am running windows xp pro with SP 3. I have run AVG free, MalwareBytes, and HiJack this. All help is GREATLY appreciated!!!

Here are the logs:
MalwareBytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/26/2010 10:56:06 PM
mbam-log-2010-07-26 (22-56-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 157413
Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\releaseversion70700.exe (Trojan.Agent.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bryan\Application Data\Sky-Banners (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\Sky-Banners\skb (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\SystemProc (Trojan.Agent) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\Documents and Settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\releaseversion70700.exe (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Application Data\ssjaecesp\gscqymktssd.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\xdwqp.dll (Adware.EZlife) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\iphsexmn.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\nhhm.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\ogjpeed.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\GBOJQREB\releaseversion70700[1].exe (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\IBQD2LEX\cgaickiqk[1].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\QRUJKZMJ\jjelg[1].htm (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\UDIL0PYN\aaidkfmhfa[1].htm (Trojan.Dropper) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\orecnsmwxa.tmp (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/26/2010 10:56:48 PM
mbam-log-2010-07-26 (22-56-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 157413
Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\releaseversion70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bryan\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\releaseversion70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\ssjaecesp\gscqymktssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdwqp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\iphsexmn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\nhhm.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\ogjpeed.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\GBOJQREB\releaseversion70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\IBQD2LEX\cgaickiqk[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\QRUJKZMJ\jjelg[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\UDIL0PYN\aaidkfmhfa[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\orecnsmwxa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:14 PM, on 7/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [jgyo0w] C:\DOCUME~1\Bryan\LOCALS~1\Temp\19aqp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7926 bytes

Nestle · Jul 27, 2010

Download http://z-oleg.com/avz4.zip or alternative reference (If the first does not open) http://rapidshare.com/files/409318809/avz.zip

Unzip AVZ Antiviral Toolkit to a separate folder.
Run AVZ.

Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Send through filehoster virusinfo_syscheck.zip

gamblingman · Jul 27, 2010

lack_of_boarding, Please follow these instructions as you are still infected.

--------
First:
Open Malwarebytes and please make sure you have removed ALL infections Malwarebytes found. The infections Malwarebytes finds and quarantines are under the "Quarantine" tab. Select all of the quarantined objects, then click the "Delete All" button. Close Malwarebytes.

Next:
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next

reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.

In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

johnb35 · Jul 27, 2010

DO NOT follow Nestle's advice, follow Gamblingmans advice and run combofix and post its log along with a fresh hijackthis log.

lack_of_boarding · Jul 27, 2010

Thank you so much for the fast reply!

ComboFix Log:

ComboFix 10-07-24.06 - Bryan 07/27/2010 11:44:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.610 [GMT -7:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980
c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\enemies-names.txt
c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\local.ini
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\Mozilla Firefox\searchplugins\google_search.xml

.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 02:24 . 2010-07-27 02:24 -------- d-----w- c:\program files\Trend Micro
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\documents and settings\Bryan\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 02:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 02:09 . 2010-07-27 05:56 -------- d-----w- c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp
2010-07-27 02:09 . 2010-07-27 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-25 02:46 . 2010-07-25 02:46 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-25 02:46 . 2010-07-25 02:46 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-25 02:46 . 2010-07-25 02:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-25 02:43 . 2010-07-25 02:43 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-25 02:43 . 2010-07-25 02:43 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-25 02:43 . 2010-07-25 02:43 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-25 02:43 . 2010-07-25 02:43 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-14 14:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 04:44 . 2010-07-11 04:44 -------- d-----w- c:\documents and settings\Bryan\Application Data\Viewpoint
2010-07-11 04:44 . 2010-07-11 04:44 -------- d-----w- c:\program files\Viewpoint
2010-07-11 04:44 . 2010-07-11 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-29 02:30 . 2010-06-29 03:04 -------- d-----w- c:\documents and settings\Bryan\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 02:13 . 2010-03-10 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-27 02:09 . 2010-05-10 04:05 -------- d-----w- c:\documents and settings\Bryan\Application Data\uTorrent
2010-07-25 02:46 . 2010-03-10 03:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-25 02:45 . 2010-03-10 03:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 04:38 . 2010-03-22 02:37 -------- d-----w- c:\documents and settings\Bryan\Application Data\Apple Computer
2010-07-11 19:04 . 2010-04-17 05:16 -------- d-----r- c:\program files\Skype
2010-07-11 18:55 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\Bryan\Application Data\Skype
2010-07-11 18:49 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\Bryan\Application Data\skypePM
2010-06-14 14:31 . 2010-03-10 03:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 14:47 . 2010-03-26 04:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 01:22 . 2010-03-10 03:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 02:59 . 2010-05-25 02:59 61440 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-sse.dll
2010-05-25 02:59 . 2010-05-25 02:59 348160 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcr71.dll
2010-05-25 02:59 . 2010-05-25 02:59 503808 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcp71.dll
2010-05-25 02:59 . 2010-05-25 02:59 12800 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-d3d.dll
2010-05-25 02:59 . 2010-05-25 02:59 499712 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\jmc.dll
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-11 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"TPSMain"="TPSMain.exe" [2004-08-27 278528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-25 02:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/9/2010 8:46 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2010 8:47 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/24/2010 7:45 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/24/2010 7:45 PM 308136]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/10/2010 9:44 PM 30152]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 11:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-27 11:50:24
ComboFix-quarantined-files.txt 2010-07-27 18:50

Pre-Run: 77,500,358,656 bytes free
Post-Run: 77,654,794,240 bytes free

- - End Of File - - 5797FD085266DE2040398B6F4ACBDB71

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:09 AM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7565 bytes

Computer Performance:

Fake malware scanners don't seem to be running. Combofix removed the fake scanner from my start menu. Computer doesn't seem to be lagging much. I had to manually start windows firewall. Somewhere along the line something created a new shortcut to Internet Explorer, and set IE to the default browser. I set default browser back to firefox. This is all I've noticed so far.

johnb35 · Jul 27, 2010

Please rerun hijackthis and place checks next to the following entries.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

then click on fix checked at the bottom.

Please go into add/remove programs and uninstall all entries that list viewpoint in it.

You may want to download and run ccleaner so it deletes all your old temp files and such.

http://www.filehippo.com/download_ccleaner/

Click up top right were it says download latest version and install the program then set up the options that are checked in the attached image and then click on run cleaner.

johnb35 · Jul 27, 2010

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:

Folder::
c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

softe · Jul 27, 2010

i agree, follow johnb35 instructions, they never fail

lack_of_boarding · Jul 27, 2010

Followed instructions. Again, thanks a million for the quick responses. Here is the Combofix log:

ComboFix 10-07-24.06 - Bryan 07/27/2010 14:06:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.553 [GMT -7:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp

.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 20:50 . 2010-07-27 20:51 -------- d-----w- c:\program files\CCleaner
2010-07-27 02:24 . 2010-07-27 02:24 -------- d-----w- c:\program files\Trend Micro
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\documents and settings\Bryan\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-07-27 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 02:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 02:09 . 2010-07-27 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-25 02:46 . 2010-07-25 02:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-14 14:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 04:44 . 2010-07-27 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-29 02:30 . 2010-06-29 03:04 -------- d-----w- c:\documents and settings\Bryan\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 02:13 . 2010-03-10 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-27 02:09 . 2010-05-10 04:05 -------- d-----w- c:\documents and settings\Bryan\Application Data\uTorrent
2010-07-25 02:46 . 2010-03-10 03:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-25 02:45 . 2010-03-10 03:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 04:38 . 2010-03-22 02:37 -------- d-----w- c:\documents and settings\Bryan\Application Data\Apple Computer
2010-07-11 19:04 . 2010-04-17 05:16 -------- d-----r- c:\program files\Skype
2010-07-11 18:55 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\Bryan\Application Data\Skype
2010-07-11 18:49 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\Bryan\Application Data\skypePM
2010-06-14 14:31 . 2010-03-10 03:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 14:47 . 2010-03-26 04:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 01:22 . 2010-03-10 03:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 02:59 . 2010-05-25 02:59 61440 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-sse.dll
2010-05-25 02:59 . 2010-05-25 02:59 348160 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcr71.dll
2010-05-25 02:59 . 2010-05-25 02:59 503808 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcp71.dll
2010-05-25 02:59 . 2010-05-25 02:59 12800 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-d3d.dll
2010-05-25 02:59 . 2010-05-25 02:59 499712 ----a-w- c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\jmc.dll
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-11 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"TPSMain"="TPSMain.exe" [2004-08-27 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-25 02:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/9/2010 8:46 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2010 8:47 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/24/2010 7:45 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/24/2010 7:45 PM 308136]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-07-27 14:09:36
ComboFix-quarantined-files.txt 2010-07-27 21:09
ComboFix2.txt 2010-07-27 18:50

Pre-Run: 77,770,162,176 bytes free
Post-Run: 77,760,978,944 bytes free

- - End Of File - - 58D238F1C11D856D4477FA09D4806077

Let me know if you would also like a HJT log. I'll check back shortly for further instructions.

johnb35 · Jul 27, 2010

Nope, a hijackthis log is not needed. You are done unless you are still having issues.

lack_of_boarding · Jul 29, 2010

Awesome!
Everything looks great so far.
Once again, thank you so much for the assistance. This forum and your help have been incredibly valuable!

lack_of_boarding · Aug 3, 2010

Still some issues

Hello all,
I'm still having one issue that i've noticed after I was infected with this virus. In firefox 3.6.8, I am getting redirected when clicking on Google search results. This click jacking doesn't seem to be taking place in IE 8.

Example:
Entered Google search for "wiki How I met Your Mother"
Clicked on the top link, which in green states: en.wikipedia.org/wiki/How_I_Met_Your_Mother
Then as the page is loading, I see in the URL that I get redirected to several sites before landing to an undesired website.

Some of the sites redirected to include:
http://samantasay.com/feedse.php?k=wiki+how+I+met+your+mother+

http://mx2.38855.asklots.com/jump1/...N3ATMfBTMfRTOx8lN3EDO5cDM4ITM&a=zk6&mr=1&rc=0

http://www.tazinga.com/directory/results/Wiki How I Met Your Mother

Running Malwarebytes as we speak, here is a HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:36 PM, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6702 bytes

johnb35 · Aug 3, 2010

Please download Gooredfix to your desktop from here or here

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear.
Please attach the Goored.txt log to your next reply (it can be found on your desktop).

lack_of_boarding · Aug 3, 2010

Ran GooredFix. Here is the log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:54 on 02/08/2010 (Bryan)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{1CE11043-9A15-4207-A565-0C94C42D590D} [02:09 27/07/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:43 10/03/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [07:00 10/03/2010]

C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [14:54 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [07:00 10/03/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:57 13/04/2010]

-=E.O.F=-

johnb35 · Aug 4, 2010

Ok, don't see anything there.

Download, update and run superantispyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Post the log when done. You can find the log by pressing the preferences button on the main page and then click on statistics/logs tab and then open the log and copy and paste back here.

lack_of_boarding · Aug 4, 2010

Sorry the log is too long here is the first half

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2010 at 08:50 PM

Application Version : 4.41.1000

Core Rules Database Version : 5312
Trace Rules Database Version: 3124

Scan type : Complete Scan
Total Scan Time : 00:24:48

Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 5457
Registry threats detected : 0
File items scanned : 15954
File threats detected : 452

Adware.Tracking Cookie
C:\Documents and Settings\Bryan\Cookies\bryan@collective-media[2].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][2].txt
C:\Documents and Settings\Bryan\Cookies\bryan@serving-sys[2].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\bryan@advertising[2].txt
C:\Documents and Settings\Bryan\Cookies\bryan@yieldmanager[1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][3].txt
C:\Documents and Settings\Bryan\Cookies\bryan@interclick[3].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\bryan@doubleclick[2].txt
C:\Documents and Settings\Bryan\Cookies\bryan@atdmt[1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][3].txt
a.ads2.msads.net [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
b.ads2.msads.net [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
content.oddcast.com [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
core.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
i.adultswim.com [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
media.mtvnservices.com [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
s0.2mdn.net [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\#SharedObjects\6BD2YQM4 ]
.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.edgeadx.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.edgeadx.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.eyewonder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
0.w.y.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.myroitracking.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adserving.contextualmarketplace.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adserving.contextualmarketplace.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ads.adultswim.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultswim.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stat.onestat.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.andomedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]

lack_of_boarding · Aug 4, 2010

and here is the next chunk

.server.cpmstar.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ad.doubleclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.activenetwork.122.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.singletracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.singletracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.singletracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.singletracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
optimize.indieclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.mtvn.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adultswim.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
w.j.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserver.mapmyfitness.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserver.mapmyfitness.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserver.lat49.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ihire.122.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trackalyzer.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
web4.realtracker.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.roiservice.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.californiastateautomobileassociation.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ehg-csaa.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
3.v.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
banner.adchemy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
banner.adchemy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
3.w.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
b.u.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
b.w.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cn.clickable.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cn.clickable.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ev.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
j.u.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.monstercom.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
beacon.dmsinsights.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
beacon.dmsinsights.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.view.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]

lack_of_boarding · Aug 4, 2010

...and the rest

.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
5.n.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.romnation.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.romnation.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
adserving.cpxinteractive.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
www.burstnet.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
x.l.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
x.v.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stats.clicktracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stats.clicktracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stats.clicktracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
stats.clicktracks.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.oddcast.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.mediacollege.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.mediacollege.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
www.mysitetraffic.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
www.mysitetraffic.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.tradedoubler.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
tracking.admarketplace.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.atwola.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
bridge1.admarketplace.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.ehg-apollointeractive.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.network.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
da-tracking.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
da-tracking.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media.adfrontiers.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.media.adfrontiers.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
pixel.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
C:\Documents and Settings\Bryan\Cookies\bryan@atdmt[2].txt
C:\Documents and Settings\Bryan\Cookies\bryan@serving-sys[1].txt
C:\Documents and Settings\Bryan\Cookies\bryan@doubleclick[1].txt
C:\Documents and Settings\Bryan\Cookies\bryan@interclick[2].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][2].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][2].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt
C:\Documents and Settings\Bryan\Cookies\bryan@fastclick[1].txt
C:\Documents and Settings\Bryan\Cookies\[email protected][1].txt

johnb35 · Aug 4, 2010

Are you still having the redirecting issue?

lack_of_boarding · Aug 4, 2010

Unfortunately yes. The first few searches I did worked just fine. But then I started getting redirected again. Bummer!

Fake Malware Scanner Virus...Please Help!

New Member

New Member

VIP Member

Administrator

New Member

Administrator

Attachments

Administrator

New Member

New Member

Administrator

New Member

New Member

Administrator

New Member

Administrator

New Member

New Member

New Member

Administrator

New Member