Google jump virus

dcoombs · November 12, 2010

I have been attempting to remove the jump virus from my system. Having run every malware & antivirus software I know of I am now trying the IS360 & hijackthis. Can anyone in this forum help?

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 10:30:6, on 2010-11-12

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\TpShocks.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\DllHost.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\AOL 9.5\waol.exe

C:\Program Files\AOL 9.5\shellmon.exe

C:\Windows\System32\svchost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [GenieSearchforArchive] "C:\Program Files\Genie-Soft\Genie Archive for Outlook 2\GenieSearchforArchive.exe" -startup

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TpShocks] TpShocks.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HostManager] C:\Program Files\Common Files\AOL\1272201713\ee\AOLSoftware.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -

O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O23 - Service: AcPrfMgrSvc (AcPrfMgrSvc) - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

O23 - Service: AcSvc (AcSvc) - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe

O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

O23 - Service: McciCMService (McciCMService) - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Power Manager DBC Service (Power Manager DBC Service) - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service (ThinkVantage Registry Monitor Service) - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\system32\TPHDEXLG.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: TVT Backup Service (TVT Backup Service) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

Superdave · November 15, 2010

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

****************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1

Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

dcoombs · November 16, 2010

Mbam

Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

Database version: 5128

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/16/2010 3:16:40 PM

mbam-log-2010-11-16 (15-16-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 247203

Time elapsed: 56 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

dcoombs · November 16, 2010

Security Check by screen317

Results of screen317's Security Check version 0.99.6

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

EAV Antivirus Suite 6.60

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Adobe Flash Player 10.1.53.64

Adobe Reader 9.4.0

````````````````````````````````

Process Check:

objlist.exe by Laurent

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

dcoombs · November 16, 2010

SuperAntiSpyware Scan Part 1

dcoombs · November 16, 2010

SuperAntiSpyware Scan Part 2

EDIT:

PLEASE DIVIDE YOUR LONG LOGS INTO 2 OR MORE PARTS TO BE SEEN IN THE POST!

Superdave · November 16, 2010

I don't see your SAS log.

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here

Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

dcoombs · November 17, 2010

ComboFix

ComboFix 10-11-16.06 - David Coombs 11/17/2010 11:06:00.1.1 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1790.994 [GMT -5:00]

Running from: c:\users\David Coombs\Desktop\commy.exe

Command switches used :: /stepdel

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ipconfig.txt

c:\windows\system32\arp.exe

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))

.

2010-11-17 16:21 . 2010-11-17 16:21 -------- d-----w- C:\Device

2010-11-17 16:13 . 2010-11-17 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-16 17:20 . 2010-11-16 17:20 -------- d-----w- c:\users\David Coombs\AppData\Roaming\SUPERAntiSpyware.com

2010-11-16 17:20 . 2010-11-16 17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-11-16 17:20 . 2010-11-16 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-11-12 15:47 . 2010-11-12 15:47 388096 ----a-r- c:\users\David Coombs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-12 15:47 . 2010-11-12 15:47 -------- d-----w- c:\program files\Trend Micro

2010-11-12 15:19 . 2010-11-12 15:19 -------- d-----w- c:\programdata\IObit

2010-11-11 14:39 . 2006-11-02 06:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys

2010-11-08 18:42 . 2010-11-08 18:42 -------- d-----w- c:\users\David Coombs\AppData\Roaming\Malwarebytes

2010-11-08 18:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-08 18:42 . 2010-11-08 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-08 18:42 . 2010-11-08 18:42 -------- d-----w- c:\programdata\Malwarebytes

2010-11-08 18:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-28 11:27 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-28 11:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-28 11:27 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-28 11:27 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-28 11:27 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-26 12:40 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D31E022-59FC-45FE-90DE-8871B114D51E}\mpengine.dll

2010-10-24 11:07 . 2010-10-24 11:07 -------- d-----w- c:\users\David Coombs\AppData\Local\Windows Live Writer

2010-10-24 11:07 . 2010-10-24 11:07 -------- d-----w- c:\users\David Coombs\AppData\Roaming\Windows Live Writer

2010-10-23 15:03 . 2010-10-23 15:03 -------- d-----w- c:\program files\iTunes

2010-10-23 15:03 . 2010-10-23 15:03 -------- d-----w- c:\program files\iPod

2010-10-23 14:59 . 2010-10-23 14:59 -------- d-----w- c:\program files\Bonjour

2010-10-21 19:38 . 2010-10-21 19:38 -------- d-----w- c:\windows\en

2010-10-21 19:35 . 2010-10-21 19:35 -------- d-----w- c:\program files\MSN Toolbar

2010-10-21 19:35 . 2010-10-21 19:35 -------- d-----w- c:\program files\Bing Bar Installer

2010-10-21 19:34 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2010-10-21 19:34 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-10-21 19:34 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-10-21 19:32 . 2010-10-21 19:32 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\b37c0e871cb71562c\InstallManager_WLE_WLE.exe

2010-10-21 19:31 . 2010-10-21 19:31 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\8d40f7a91cb715620\MeshBetaRemover.exe

2010-10-21 19:30 . 2010-10-21 19:30 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\73772e0f1cb715618\DSETUP.dll

2010-10-21 19:30 . 2010-10-21 19:30 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\73772e0f1cb715618\DXSETUP.exe

2010-10-21 19:30 . 2010-10-21 19:30 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\73772e0f1cb715618\dsetup32.dll

2010-10-21 19:30 . 2010-10-21 19:30 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\71a770541cb715617\DXSETUP.exe

2010-10-21 19:30 . 2010-10-21 19:30 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\71a770541cb715617\dsetup32.dll

2010-10-21 19:30 . 2010-10-21 19:30 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\71a770541cb715617\DSETUP.dll

2010-10-21 19:27 . 2010-10-21 19:27 -------- d-----w- c:\users\David Coombs\AppData\Local\Windows Live

2010-10-21 19:25 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-10-21 19:25 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2010-10-21 19:25 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 15:41 . 2010-04-25 12:24 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-15 08:50 . 2010-04-25 22:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-08 04:30 . 2010-10-14 18:23 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28 . 2010-10-14 18:23 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22 . 2010-10-14 18:23 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48 . 2010-10-14 18:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23 . 2010-10-14 18:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34 . 2010-10-14 18:23 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32 . 2010-10-14 18:23 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32 . 2010-10-14 18:23 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-28 16:03 . 2010-08-28 16:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2010-08-28 16:03 . 2010-05-22 21:45 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-08-28 16:02 . 2010-05-22 21:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-08-27 05:46 . 2010-10-14 18:23 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 03:31 . 2010-10-14 18:23 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-27 03:30 . 2010-10-14 18:23 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-27 03:30 . 2010-10-14 18:23 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-26 04:39 . 2010-10-14 18:23 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36 . 2010-10-14 18:23 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36 . 2010-10-14 18:23 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33 . 2010-10-14 18:23 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32 . 2010-09-15 11:27 316928 ----a-w- c:\windows\system32\spoolsv.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GenieSearchforArchive"="c:\program files\Genie-Soft\Genie Archive for Outlook 2\GenieSearchforArchive.exe" [2009-02-12 336512]

"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-11-16 487992]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-12-10 865640]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]

"HostManager"="c:\program files\Common Files\AOL\1272201713\ee\AOLSoftware.exe" [2010-02-10 41800]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\users\David Coombs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyDocs"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyDocs"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-01 1343400]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-19 172032]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-09 1006624]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]

S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-11-23 181120]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-05-28 18:11]

2010-11-17 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-28 01:33]

2010-11-16 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-05-28 19:24]

2010-10-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-11-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-14 20:48]

2010-11-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://www.northforsythumc.org/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2744)

c:\program files\Lenovo\Access Connections\ACDeskBand.dll

c:\program files\Lenovo\Access Connections\AcLocSettings.dll

c:\program files\Lenovo\Access Connections\AcSvcStub.dll

c:\program files\Lenovo\Access Connections\ACHelper.dll

c:\program files\ThinkPad\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\atieclxx.exe

c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Lenovo\Access Connections\AcSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\ThinkPad\Bluetooth Software\btwdins.exe

c:\windows\system32\sppsvc.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-11-17 11:27:19 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-17 16:27

Pre-Run: 170,541,592,576 bytes free

Post-Run: 170,295,562,240 bytes free

- - End Of File - - 66D27048078D67CC6821591BA5D3BE7C

dcoombs · November 17, 2010

Sas

Hi Superdave,

First I want to thank you for taking on helping me with this problem - I was at my wits end! Not sure why my SAS logs are causing so much trouble. First time it was too big but I didn't realize it had failed to post at all. Once I became aware of that I split it in two and it seem to post fine but now I see that both posts are empty - not sure what happened. Now I can't seem to find the original text file :-( I'm going to re-run it and send the results but if you think you need the original run let me know. I'm pretty sure I can find/recover it if I really need to. I have some utilities around somewhere that I haven't used in a long time that do that.

Dave

Superdave · November 17, 2010

How's your computer running now?

P2P - I see you have P2P software installed on your machine LimeWire. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*********************************************

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

dcoombs · November 17, 2010

Sas

dcoombs · November 17, 2010

LimeWire

Thanks for heads up on LimeWire. I don't use any P2P software. I allowed someone else to use my computer and they installed and used that software. I have uninstalled it. If you see any other questionable software please let me know.

dcoombs · November 17, 2010

Sas

dcoombs · November 17, 2010

Gmer

dcoombs · November 17, 2010

GMER Part 1

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-17 16:03:06

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS545025B9A300 rev.PB2ZC61H

Running: gmer.exe; Driver: C:\Users\DAVIDC~1\AppData\Local\Temp\pwdyipob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C87599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CABF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DE3E000, 0x2CC244, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessW 7600202D 6 Bytes JMP 5F0D0F5A

.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessA 76002062 6 Bytes JMP 5F0A0F5A

.text C:\Windows\Explorer.EXE[2092] kernel32.dll!LoadLibraryExW 7604B6BF 6 Bytes JMP 5F070F5A

.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserW 7623BBDB 6 Bytes JMP 5F100F5A

.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessWithLogonW 762742A1 6 Bytes JMP 5F040F5A

.text C:\Windows\System32\notepad.exe[17180] ntdll.dll!NtCreateKey 77104A70 3 Bytes [FF, 25, 1E]

.text C:\Windows\System32\notepad.exe[17180] ntdll.dll!NtCreateKey + 4 77104A74 2 Bytes [17, 5F] {POP SS; POP EDI}

.text C:\Windows\System32\notepad.exe[17180] ntdll.dll!NtSetValueKey 77105C70 3 Bytes [FF, 25, 1E]

.text C:\Windows\System32\notepad.exe[17180] ntdll.dll!NtSetValueKey + 4 77105C74 2 Bytes [14, 5F] {ADC AL, 0x5f}

.text C:\Windows\System32\notepad.exe[17180] kernel32.dll!CreateProcessW 7600202D 6 Bytes JMP 5F0D0F5A

.text C:\Windows\System32\notepad.exe[17180] kernel32.dll!CreateProcessA 76002062 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\notepad.exe[17180] kernel32.dll!LoadLibraryExW 7604B6BF 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\notepad.exe[17180] ADVAPI32.dll!CreateProcessAsUserW 7623BBDB 6 Bytes JMP 5F100F5A

.text C:\Windows\System32\notepad.exe[17180] ADVAPI32.dll!CreateServiceW 7625DBC1 6 Bytes JMP 5F1C0F5A

.text C:\Windows\System32\notepad.exe[17180] ADVAPI32.dll!CreateServiceA 76272120 6 Bytes JMP 5F190F5A

.text C:\Windows\System32\notepad.exe[17180] ADVAPI32.dll!CreateProcessWithLogonW 762742A1 6 Bytes JMP 5F040F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F62494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F45624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F6250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F58573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F54D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F58819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F5907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F5E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F54C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AOL 9.5\waol.exe[2164] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Windows\System32\rundll32.exe[2432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2432] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[2432] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2440] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[2440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\aol\1272201713\ee\aolsoftware.exe[2464] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

dcoombs · November 17, 2010

GMER Part 2

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[3204] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT c:\Program Files\Lenovo\System Update\SUService.exe[4696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT c:\Program Files\Lenovo\System Update\SUService.exe[4696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT c:\Program Files\Lenovo\System Update\SUService.exe[4696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT c:\Program Files\Lenovo\System Update\SUService.exe[4696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT c:\Program Files\Lenovo\System Update\SUService.exe[4696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75165E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

---- EOF - GMER 1.0.15 ----

dcoombs · November 17, 2010

SAS Part 1

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 11/17/2010 at 01:39 PM

Application Version : 4.45.1000

Core Rules Database Version : 5874

Trace Rules Database Version: 3686

Scan type : Complete Scan

Total Scan Time : 01:12:10

Memory items scanned : 449

Memory threats detected : 0

Registry items scanned : 9365

Registry threats detected : 0

File items scanned : 105121

File threats detected : 358

Adware.Tracking Cookie

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@ar.atwola[3].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@ar.atwola[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@invitemedia[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@sojo.advertserve[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@track.abilityemail[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@atwola[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@at.atwola[2].txt

C:\Users\David Coombs\AppData\Roaming\Microsoft\Windows\Cookies\david_coombs@cdn.at.atwola[1].txt

.doubleclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

cdn4.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

cdn4.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

cdn4.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.statcounter.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.interclick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.fastclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.interclick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.specificmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

sojo.advertserve.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.advertising.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.doubleclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.advertising.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.yieldmanager.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.apmebf.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.fastclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.revsci.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.e-2dj6wjkoulcpcdo.stats.esomniture.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.247realmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.http://www.internetworldstats.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.internetworldstats.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.mediaplex.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

metroleap.rotator.hadj7.adjuggler.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.tribalfusion.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adecn.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.kontera.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.mediaplex.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.revenue.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.zedo.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.stateofgeorgia.122.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.richmedia.yahoo.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.generalelectric.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

statse.webtrendslive.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.pentonmedia.122.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

parentmediagroup.go2jump.org [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.tacoda.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.ez-tracks.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ez-tracks.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

cdn4.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adxpose.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ads.pointroll.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.pointroll.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ads.pointroll.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.tripod.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ads.pointroll.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

cdn4.specificclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.nextag.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

stat.dealtime.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.interclick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.realmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

pluckit.demandmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.dmtracker.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.paypal.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.bizrate.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.overture.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.gotquestions.org [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.gotquestions.org [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.burstnet.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.realmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ru4.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ice.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.clickshift.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.chitika.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.trvlnet.adbureau.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.traveladvertising.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.trvlnet.adbureau.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.traveladvertising.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.stpetersburgtimes.122.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ehg-verizon.hitbox.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.hitbox.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

myaccount.verizonwireless.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ehg-verizon.hitbox.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.http://www.investorsinsight.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.investorsinsight.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

eas.apm.emediate.eu [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.investorsinsight.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.investorsinsight.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.elephantgroup.122.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.ru4.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

dc.tremormedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.burstbeacon.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.burstbeacon.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

rx9vh3hy4r.cs.serialssolutions.com.ezproxy.liberty.edu [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

rx9vh3hy4r.search.serialssolutions.com.ezproxy.liberty.edu [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.googleads.g.doubleclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

dcoombs · November 17, 2010

SAS Part 2

findarticles.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.findarticles.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.onetoone.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.find.galegroup.com.ezproxy.liberty.edu [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

in.getclicky.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.lucidmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.dealtime.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.superstats.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

track.abilityemail.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

solutions.liveperson.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.mediasuite.multicastmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.statcounter.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.yadro.ru [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.eyewonder.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.advertise.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

clicks.bestsearchfind.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

click.myiqnow.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adknowledge.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

clicks.freesearchquick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

c.searchfeedengine-us.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

web4.realtracker.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

counter.surfcounters.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.findgreatlistings.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.findstuff.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.msnportal.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.zedo.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.http://www.burstnet.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.kontera.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.legolas-media.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.liveperson.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

bridge2.admarketplace.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.admarketplace.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.theclickcheck.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.pro-market.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.gsicace.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.kantarmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.revsci.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.advertising.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.fultoncountyga.gov [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.tacoda.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.web-stat.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.revsci.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.enhance.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.pro-market.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.kaspersky.122.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.lucidmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.lucidmedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.bestsearchfind.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

adserving.autotrader.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.smartadserver.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.icityfind.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.toseeka.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.revsci.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.cbsdigitalmedia.112.2o7.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.fastclick.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

d.jambomedia.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

csm.rotator.hadj7.adjuggler.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.pro-market.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.xiti.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.clickbank.net [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]

.webreports.digitalinsight.com [ C:\Users\David Coombs\AppData\Roaming\Mozilla\Firefox\Profiles\xstc0zcr.default\cookies.sqlite ]