# Fake Malware Scanner Virus...Please Help!



## lack_of_boarding

Hello all,
I have contracted a virus. I'm getting phony virus scanners popping up when booting up. I am also seeing some pop-ups in Firefox. I am running Windows XP Pro with SP3. I have run AVG Free, Malwarebytes, and HijackThis. All help is GREATLY appreciated!!!

Here are the logs:
MalwareBytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/26/2010 10:56:06 PM
mbam-log-2010-07-26 (22-56-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 157413
Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\releaseversion70700.exe (Trojan.Agent.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bryan\Application Data\Sky-Banners (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\Sky-Banners\skb (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\SystemProc (Trojan.Agent) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\Documents and Settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\releaseversion70700.exe (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Application Data\ssjaecesp\gscqymktssd.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\xdwqp.dll (Adware.EZlife) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\iphsexmn.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\nhhm.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\ogjpeed.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\GBOJQREB\releaseversion70700[1].exe (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\IBQD2LEX\cgaickiqk[1].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\QRUJKZMJ\jjelg[1].htm (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\UDIL0PYN\aaidkfmhfa[1].htm (Trojan.Dropper) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Documents and Settings\Bryan\Local Settings\Temp\orecnsmwxa.tmp (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/26/2010 10:56:48 PM
mbam-log-2010-07-26 (22-56-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 157413
Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eae3a641-582f-4400-9cfb-f79f73d7a159} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\releaseversion70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpiypftb (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bryan\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\releaseversion70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\ssjaecesp\gscqymktssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdwqp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\iphsexmn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\nhhm.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\ogjpeed.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\GBOJQREB\releaseversion70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\IBQD2LEX\cgaickiqk[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\QRUJKZMJ\jjelg[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\UDIL0PYN\aaidkfmhfa[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bryan\Local Settings\Temp\orecnsmwxa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:14 PM, on 7/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [jgyo0w] C:\DOCUME~1\Bryan\LOCALS~1\Temp\19aqp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7926 bytes


----------



## Nestle

Download http://z-oleg.com/avz4.zip or the alternative reference (if the first does not open): http://rapidshare.com/files/409318809/avz.zip

Unzip AVZ Antiviral Toolkit to a separate folder. 
Run AVZ. 

Choose from the menu "*File*" => "*Standard scripts*" and mark the "*Advanced System Analysis*" check box. Click on the "*Execute selected scripts*" button. 
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Send through filehoster *virusinfo_syscheck.zip*


----------



## gamblingman

lack_of_boarding, Please follow *these* instructions as you are still infected.

--------
First:
Open Malwarebytes and please make sure you have removed ALL infections Malwarebytes found. The infections Malwarebytes finds and quarantines are under the "*Quarantine*" tab. Select all of the quarantined objects, then click the "*Delete All*" button. Close Malwarebytes.


Next:
*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*


*Download this file* here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce a *log* for you. *Post that log* in your next reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:


- The ComboFix log
- A fresh HiJackThis log
- An update on how your computer is running


----------



## johnb35

*DO NOT* follow Nestle's advice; follow gamblingman's advice and run ComboFix and post its log along with a fresh HijackThis log.


----------



## lack_of_boarding

Thank you so much for the fast reply! 

ComboFix Log:

ComboFix 10-07-24.06 - Bryan 07/27/2010  11:44:56.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.610 [GMT -7:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980
c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\enemies-names.txt
c:\documents and settings\Bryan\Application Data\FC8DF648BEA63C31C377643BC8E77980\local.ini
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Bryan\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\Mozilla Firefox\searchplugins\google_search.xml

.
(((((((((((((((((((((((((   Files Created from 2010-06-27 to 2010-07-27  )))))))))))))))))))))))))))))))
.

2010-07-27 02:24 . 2010-07-27 02:24	--------	d-----w-	c:\program files\Trend Micro
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-04-29 22:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-27 02:18 . 2010-04-29 22:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-27 02:09 . 2010-07-27 05:56	--------	d-----w-	c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp
2010-07-27 02:09 . 2010-07-27 05:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Update
2010-07-25 02:46 . 2010-07-25 02:46	242896	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-25 02:46 . 2010-07-25 02:46	216200	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-25 02:46 . 2010-07-25 02:46	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-25 02:43 . 2010-07-25 02:43	813336	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-25 02:43 . 2010-07-25 02:43	624920	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-25 02:43 . 2010-07-25 02:43	1690464	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-25 02:43 . 2010-07-25 02:43	1038688	----a-w-	c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-14 14:53 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 04:44 . 2010-07-11 04:44	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Viewpoint
2010-07-11 04:44 . 2010-07-11 04:44	--------	d-----w-	c:\program files\Viewpoint
2010-07-11 04:44 . 2010-07-11 04:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-29 02:30 . 2010-06-29 03:04	--------	d-----w-	c:\documents and settings\Bryan\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 02:13 . 2010-03-10 03:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2010-07-27 02:09 . 2010-05-10 04:05	--------	d-----w-	c:\documents and settings\Bryan\Application Data\uTorrent
2010-07-25 02:46 . 2010-03-10 03:47	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-25 02:45 . 2010-03-10 03:46	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-07-14 04:38 . 2010-03-22 02:37	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Apple Computer
2010-07-11 19:04 . 2010-04-17 05:16	--------	d-----r-	c:\program files\Skype
2010-07-11 18:55 . 2010-04-17 05:17	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Skype
2010-07-11 18:49 . 2010-04-17 05:17	--------	d-----w-	c:\documents and settings\Bryan\Application Data\skypePM
2010-06-14 14:31 . 2010-03-10 03:29	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 14:47 . 2010-03-26 04:35	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-03 01:22 . 2010-03-10 03:46	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 02:59 . 2010-05-25 02:59	61440	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-sse.dll
2010-05-25 02:59 . 2010-05-25 02:59	348160	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcr71.dll
2010-05-25 02:59 . 2010-05-25 02:59	503808	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcp71.dll
2010-05-25 02:59 . 2010-05-25 02:59	12800	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-d3d.dll
2010-05-25 02:59 . 2010-05-25 02:59	499712	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\jmc.dll
2010-05-06 10:41 . 2006-02-28 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-11 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"TPSMain"="TPSMain.exe" [2004-08-27 278528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-25 02:46	12536	----a-w-	c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/9/2010 8:46 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2010 8:47 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/24/2010 7:45 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/24/2010 7:45 PM 308136]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/10/2010 9:44 PM 30152]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 11:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-27  11:50:24
ComboFix-quarantined-files.txt  2010-07-27 18:50

Pre-Run: 77,500,358,656 bytes free
Post-Run: 77,654,794,240 bytes free

- - End Of File - - 5797FD085266DE2040398B6F4ACBDB71



HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:09 AM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7565 bytes



Computer Performance:

Fake malware scanners don't seem to be running.  Combofix removed the fake scanner from my start menu.  Computer doesn't seem to be lagging much.  I had to manually start Windows Firewall.  Somewhere along the line something created a new shortcut to Internet Explorer, and set IE to the default browser.  I set the default browser back to Firefox.  This is all I've noticed so far.


----------



## johnb35

Please rerun hijackthis and place checks next to the following entries.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

then click on fix checked at the bottom.

Please go into add/remove programs and uninstall all entries that list viewpoint in it.

You may want to download and run ccleaner so it deletes all your old temp files and such.

http://www.filehippo.com/download_ccleaner/

Click up top right where it says download latest version and install the program, then set up the options that are checked in the attached image and then click on run cleaner.


----------



## johnb35

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



Code:

Folder::
c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## softe

I agree, follow johnb35's instructions, they never fail.


----------



## lack_of_boarding

Followed instructions.  Again, thanks a million for the quick responses.  Here is the Combofix log:

ComboFix 10-07-24.06 - Bryan 07/27/2010  14:06:25.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.553 [GMT -7:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryan\Local Settings\Application Data\ssjaecesp

.
(((((((((((((((((((((((((   Files Created from 2010-06-27 to 2010-07-27  )))))))))))))))))))))))))))))))
.

2010-07-27 20:50 . 2010-07-27 20:51	--------	d-----w-	c:\program files\CCleaner
2010-07-27 02:24 . 2010-07-27 02:24	--------	d-----w-	c:\program files\Trend Micro
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-04-29 22:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-27 02:18 . 2010-07-27 02:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-27 02:18 . 2010-04-29 22:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-27 02:09 . 2010-07-27 05:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Update
2010-07-25 02:46 . 2010-07-25 02:46	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-14 14:53 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 04:44 . 2010-07-27 20:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-29 02:30 . 2010-06-29 03:04	--------	d-----w-	c:\documents and settings\Bryan\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 02:13 . 2010-03-10 03:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2010-07-27 02:09 . 2010-05-10 04:05	--------	d-----w-	c:\documents and settings\Bryan\Application Data\uTorrent
2010-07-25 02:46 . 2010-03-10 03:47	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-25 02:45 . 2010-03-10 03:46	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-07-14 04:38 . 2010-03-22 02:37	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Apple Computer
2010-07-11 19:04 . 2010-04-17 05:16	--------	d-----r-	c:\program files\Skype
2010-07-11 18:55 . 2010-04-17 05:17	--------	d-----w-	c:\documents and settings\Bryan\Application Data\Skype
2010-07-11 18:49 . 2010-04-17 05:17	--------	d-----w-	c:\documents and settings\Bryan\Application Data\skypePM
2010-06-14 14:31 . 2010-03-10 03:29	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 14:47 . 2010-03-26 04:35	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-03 01:22 . 2010-03-10 03:46	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 02:59 . 2010-05-25 02:59	61440	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-sse.dll
2010-05-25 02:59 . 2010-05-25 02:59	348160	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcr71.dll
2010-05-25 02:59 . 2010-05-25 02:59	503808	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\msvcp71.dll
2010-05-25 02:59 . 2010-05-25 02:59	12800	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e822c20-n\decora-d3d.dll
2010-05-25 02:59 . 2010-05-25 02:59	499712	----a-w-	c:\documents and settings\Bryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77919746-n\jmc.dll
2010-05-06 10:41 . 2006-02-28 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-07-11 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"TPSMain"="TPSMain.exe" [2004-08-27 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-25 02:46	12536	----a-w-	c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/9/2010 8:46 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2010 8:47 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/24/2010 7:45 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/24/2010 7:45 PM 308136]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-07-27  14:09:36
ComboFix-quarantined-files.txt  2010-07-27 21:09
ComboFix2.txt  2010-07-27 18:50

Pre-Run: 77,770,162,176 bytes free
Post-Run: 77,760,978,944 bytes free

- - End Of File - - 58D238F1C11D856D4477FA09D4806077




Let me know if you would also like a HJT log.  I'll check back shortly for further instructions.


----------



## johnb35

Nope, a hijackthis log is not needed.  You are done unless you are still having issues.


----------



## lack_of_boarding

Awesome!
Everything looks great so far.  
Once again, thank you so much for the assistance.  This forum and your help have been incredibly valuable!


----------



## lack_of_boarding

*Still some issues*

Hello all,
I'm still having one issue that I've noticed after I was infected with this virus.  In Firefox 3.6.8, I am getting redirected when clicking on Google search results.  This click jacking doesn't seem to be taking place in IE 8.  

Example:
Entered Google search for "wiki How I met Your Mother"
Clicked on the top link, which in green states: en.wikipedia.org/wiki/How_I_Met_Your_Mother
Then as the page is loading, I see in the URL that I get redirected to several sites before landing on an undesired website.  

Some of the sites redirected to include:
http://samantasay.com/feedse.php?k=wiki+how+I+met+your+mother+

http://mx2.38855.asklots.com/jump1/...N3ATMfBTMfRTOx8lN3EDO5cDM4ITM&a=zk6&mr=1&rc=0

http://www.tazinga.com/directory/results/Wiki How I Met Your Mother

Running Malwarebytes as we speak, here is a HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:36 PM, on 8/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6702 bytes


----------



## johnb35

Please download Gooredfix to your desktop from *here* or *here*


Ensure all Firefox windows are closed. 
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7). 
When prompted to run the scan, click Yes. 
GooredFix will check for infections, and then a log will appear. 
Please attach the Goored.txt log to your next reply (it can be found on your desktop).


----------



## lack_of_boarding

Ran GooredFix.  Here is the log:  

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:54 on 02/08/2010 (Bryan)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{1CE11043-9A15-4207-A565-0C94C42D590D} [02:09 27/07/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:43 10/03/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [07:00 10/03/2010]

C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [14:54 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [07:00 10/03/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:57 13/04/2010]

-=E.O.F=-


----------



## johnb35

Ok, don't see anything there.

Download, update and run superantispyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Post the log when done.  You can find the log by pressing the preferences button on the main page and then click on statistics/logs tab and then open the log and copy and paste back here.


----------



## lack_of_boarding

*Sorry, the log is too long. Here is the first half.*

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2010 at 08:50 PM

Application Version : 4.41.1000

Core Rules Database Version : 5312
Trace Rules Database Version: 3124

Scan type       : Complete Scan
Total Scan Time : 00:24:48

Memory items scanned      : 428
Memory threats detected   : 0
Registry items scanned    : 5457
Registry threats detected : 0
File items scanned        : 15954
File threats detected     : 452

Adware.Tracking Cookie


----------



## lack_of_boarding

*and here is the next chunk*

	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.insightexpressai.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	adserver.mapmyfitness.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	adserver.mapmyfitness.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.zedo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	adserver.lat49.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ihire.122.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ru4.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.richmedia.yahoo.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.trackalyzer.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	web4.realtracker.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.roiservice.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.californiastateautomobileassociation.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.media6degrees.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ehg-csaa.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	3.v.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	banner.adchemy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	banner.adchemy.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	3.w.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	b.u.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	b.w.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.247realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.interclick.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	landings.trafficz.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	cn.clickable.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	cn.clickable.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ev.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.advertising.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.ads.pointroll.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.specificmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	statse.webtrendslive.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.realmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	j.u.i.cltomedia.info [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.monstercom.112.2o7.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.xm.xtendmedia.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.banners.socialflirt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	beacon.dmsinsights.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	beacon.dmsinsights.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	cdn4.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.specificclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.view.atdmt.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.flightstats.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.adserver.adtechus.com [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]
	.fastclick.net [ C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\5gu1miod.default\cookies.sqlite ]


----------



## lack_of_boarding

*...and the rest*



----------



## johnb35

Are you still having the redirecting issue?


----------



## lack_of_boarding

Unfortunately yes.  The first few searches I did worked just fine.  But then I started getting redirected again.  Bummer!


----------



## johnb35

OK, download and run CCleaner.

http://download.cnet.com/ccleaner/

Then set the options that are checked in the attached image and click on run cleaner.

Please provide an uninstall list using HijackThis.

Open HijackThis, click on open misc tools section, click on open uninstall manager, click on save list, save it and then copy and paste it back here.


----------



## lack_of_boarding

µTorrent
7-Zip 9.13 beta
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
CCleaner
CloneDVD2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.8)
PrimoPDF
QuickTime
SD Secure Module
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype™ 4.2
Sonic RecordNow!
SoundMAX
SUPERAntiSpyware
TOSHIBA Power Saver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VLC media player 1.1.0
Windows XP Service Pack 3


----------



## johnb35

Don't see any issues in there.  Please run an ESET online scan and post the log.

http://www.eset.com/online-scanner


----------



## lack_of_boarding

Not sure how to get the logs on that one...but scan ran, and said no threats found.  More than happy to run again if you need a log.  Still getting redirects, unfortunately.

Any more ideas?  I'm willing to make a more drastic move if you have any clues as to the root of the problem.


----------



## johnb35

Download and run *DR.Web Cureit*. Save it to your desktop:


Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.

Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


----------



## lack_of_boarding

Sorry for not replying sooner.  Haven't had much computer repair time lately.  I ran Dr.Web CureIt in both quick scan and full scan mode.  I accidentally closed it afterwards and didn't manage to grab a log file, but the scan results said no viruses found on both accounts. More than happy to run again and post next time if need be.  Still getting redirects on google searches in firefox.


----------



## gamblingman

Where are you being redirected to? Is it only happening in Firefox? Do you get any redirects in Internet Explorer? Is the redirect affecting your home page from showing or is it when you "search"? Also, is there anyone else using your computer?


----------



## lack_of_boarding

From what I've seen, the redirects are only in firefox, and only while using google.  Basically, I'll perform a search from the google home page, click on the most relevant link, and get redirected several times to different sites.  

Example: 
Searched for "golden valley brewery"
clicked on top link, which has the correct url listed
get redirected to the following three urls before landing on the last one:

http://5x5search.com/index.php?search=golden+valley+brewery+

http://itcg.21008.asklots.com/jump1...wUzMx8FMx8lM18lM0kzMxAjM4ITM&a=vgpt&mr=1&rc=0

http://mx2.38855.asklots.com/jump2/?affiliate=mx2&subid=38855&terms=golden valley brewery


It doesn't always happen on the first search, but after a couple, even when landing on the correct page, hitting back, and clicking the same link, it will redirect eventually.  Same results when using firefox standard search toolbar using google.  No problems with any other part of google like maps photos etc.  No problems with yahoo search.  

Haven't had any problems actually landing on the google home page.  Yahoo is my current home page, and I have never had it redirect when opening firefox and loading my home page. 

Keep the good questions coming, we'll find a solution somehow!


----------
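The redirect chain described in the post above can be checked mechanically. This is an added example, not part of the thread: it flags hops that leave the clicked site while carrying the user's own search terms. The function names and the `brewery.example` destination are assumptions; the two hop URLs are the complete ones quoted in the post.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the redirect URLs quoted in the post.
AFFILIATE_KEYS = {"affiliate", "subid"}

# Constructed sample. The destination is a placeholder (the post does not give
# the real result URL); the two hops are the complete URLs from the post. The
# middle hop is truncated in the post and is left out.
SAMPLE_QUERY = "golden valley brewery"
SAMPLE_CLICKED = "http://brewery.example/"
SAMPLE_VISITED = [
    "http://5x5search.com/index.php?search=golden+valley+brewery+",
    "http://mx2.38855.asklots.com/jump2/?affiliate=mx2&subid=38855"
    "&terms=golden valley brewery",
]


def norm(text):
    """Lower-case and collapse whitespace so '+', '%20' and ' ' compare equal."""
    return " ".join(text.lower().split())


def site(host):
    """Last two host labels. Assumption: good enough here; production code
    should use a public-suffix list (this mishandles e.g. 'co.uk')."""
    return ".".join((host or "").lower().split(".")[-2:])


def analyze_click(query, clicked_url, visited_urls):
    """Return one finding per visited URL whose site differs from the clicked one."""
    expected = site(urlsplit(clicked_url).hostname)
    wanted = norm(query)
    findings = []
    for url in visited_urls:
        parts = urlsplit(url)
        if site(parts.hostname) == expected:
            continue  # same-site hop, e.g. a redirect to the www host
        params = parse_qsl(parts.query, keep_blank_values=True)
        findings.append({
            "host": parts.hostname,
            "echoes_query_in": sorted(k for k, v in params if norm(v) == wanted),
            "affiliate_params": sorted(k for k, _ in params
                                       if k.lower() in AFFILIATE_KEYS),
        })
    return findings


def is_hijacked(findings):
    """Heuristic: an off-site hop that repeats the search terms means the click
    was rewritten by something that saw the query."""
    return any(f["echoes_query_in"] for f in findings)


if __name__ == "__main__":
    for finding in analyze_click(SAMPLE_QUERY, SAMPLE_CLICKED, SAMPLE_VISITED):
        print(finding)
```

Off-site hops that do not repeat the query are still listed as findings but do not trigger the verdict on their own.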



## gamblingman

Well I have a thought, but first I'd love to see some new HJT and Malwarebytes logs, just to be sure we aren't spinning our wheels. 

So if you could re-scan with both and post the logs it may help to know where we are on this. Please update and scan with Malwarebytes first and then HJT and post their logs. Don't scan with both at the same time, and please close all open programs before conducting any scans and refrain from doing anything on the computer during the scans.

Also, for connecting to the internet, do you have:

Just a modem which is connected via cable to the computer
A modem and a router, but they are separate devices
A combination router-modem
Other - Please Specify

Be as specific as you can on the brand/model of the equipment you utilize. Also include if you have any other local connections through your computer to another computer(s) via router or through any other means, describe the setup. 

Is anyone but you using this computer? If there are other users on this computer, are there multiple windows user profiles for each individual?


----------



## johnb35

I usually don't recommend doing this but it fixed one person's issues.  Download, update, and run Spybot search and destroy and post the log.

http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html


----------



## lack_of_boarding

Downloaded and updated SpyBot S&D, immunized, scanned for problems, and printed the following summary:

DoubleClick: Tracking cookie (Internet Explorer: Bryan) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: Bryan) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Clickbank: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
AdBrite: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Bryan (default)) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-08-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-27 Includes\AdwareC.sbi (*)
2010-08-12 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-08-17 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-08-17 Includes\TrojansC-05.sbi (*)
2010-08-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


----------



## lack_of_boarding


...still getting redirected


----------



## johnb35

Disable/uninstall all add-ons in both browsers and see if the redirects continue.  I've been at a loss for the past few days.  I worked on one machine and it ended up being the add-ons that were causing the redirects.


----------



## lack_of_boarding

First of all,
I apologize for the longest delay in response ever! 

Second of all,
By god I think you've done it!

I haven't been using the home pc for more than an hour or two a day, but all this time I've just been avoiding using google.  Not a big deal since google maps, images, etc. still worked fine.  

Anyways, back to the point...

Tried uninstalling and reinstalling firefox.  Didn't work.  Still got redirected on google searches.  Although, since google has changed their search functionality, it mostly happened when using the google search bar in the upper left corner of firefox. (Not google search toolbar, just standard firefox search bar)  

Took your advice, and disabled all add ons in both firefox and internet explorer, and now, I seem to get directed accurately to links found in google search results.  

After disabling add ons, I can't seem to replicate the problem.  Having said this, are there further steps I can take to permanently uninstall the defective add on in my firefox browser?  

Thank you big time for all the advice, and especially for the patience!  Also, happy Friday!


----------



## johnb35

Can you give me a list of what addons you had disabled?  That might help pinpoint which one(s) were causing the redirects.


----------



## lack_of_boarding

Here are screen shots of my Firefox plugins and extensions that I disabled, as well as the list of IE Add Ons I disabled.  Let me know if you have trouble viewing them.


----------



## johnb35

I'm not positive, but I'm guessing it could be the roboform toolbar as some toolbars usually cause issues like this.


----------

