Inactive Virus redirects me from Google "fusionresearch.com" when I click a search result

[lawrierl]

Can anyone help me? When I choose a google search result, I am typically redirected to other sites. It appears that I am mostly redirected to "fusionresearch.com". What can I do to get this off of my computer?

Thanks,
Becky Ray

 

[Bobbye]

Welcome to TechSpot! I guess you missed this sticky:

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===========================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[lawrierl]

Logs

You're right! I didn't see the sticky. But no fear, here is the info:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7360

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2011 11:14:03 PM
mbam-log-2011-08-02 (23-14-03).txt

Scan type: Quick scan
Objects scanned: 176054
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\AppID\main.DLL\AppID (Adware.DeepDive) -> Value: AppID -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\wallpaper (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\localservice\application data\020000002c69f2791406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000002c69f2791406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000002c69f2791406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000002c69f2791406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\Common\_helper.sig (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
c:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000002c69f2791406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000002c69f2791406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000002c69f2791406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000002c69f2791406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\wallpaper\friday night lights - kyle chandler.jpg (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\wallpaper\greys anatomy - patrick dempsey.jpg (Adware.Comet) -> Quarantined and deleted successfully.
c:\program files\screensavers.com\wallpaper\scooby-doo - ruh-roh!.jpg (Adware.Comet) -> Quarantined and deleted successfully.
____________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-02 23:37:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3200822AS rev.3.02
Running: k7y49u7m.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\uxldypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

______________________________________________________________

dds.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by HP_Owner at 23:41:39 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1350 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\utildll32.exe
C:\WINDOWS\system32\iplPX32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\Imgtask.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/?ref=hp
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VTTimer] VTTimer.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ImgTask] c:\windows\Imgtask.exe
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: fredericks.com\secureweb
Trusted Zone: limewire.com\www
Trusted Zone: weightwatchers.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www2.snapfish.com/SnapfishOutlookImport.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://gateway.kroger.com/iNotes.cab,DanaInfo=a060mail01.kroger.com,CT=java+
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://gateway.kroger.com/iNotes6W.cab,DanaInfo=a060mail01.kroger.com,CT=java+
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://www.tastefullysimple.com/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=u4mpvyiw2mxh4evipiyexs45&ControlID=25dfa460a683442fb73ea5f3e6c68b21&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} - hxxp://www.dynacal.com/wyncs/Wyncs.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax2918.cab
TCP: DhcpNameServer = 192.168.200.1
TCP: Interfaces\{30A29FCF-D878-46B2-AF60-5EA4FF3D53D2} : DhcpNameServer = 192.168.200.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\ksuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\n7jm6atz.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\hp_owner\local settings\application data\robloxversions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2007-8-25 211816]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-2 366640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-4 583640]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-3-21 1245064]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 winmgmt32;Windows Management Instrumentation ;c:\windows\system32\utildll32.exe [2011-7-28 764928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-2 22712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110802.024\NAVENG.SYS [2011-8-2 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110802.024\NAVEX15.SYS [2011-8-2 1542392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-30 133104]
S2 gupdate1ca10ca6b58e3ca;Google Update Service (gupdate1ca10ca6b58e3ca);c:\program files\google\update\GoogleUpdate.exe [2009-7-30 133104]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\hp_owner\locals~1\temp\cdiskdun.sys --> c:\docume~1\hp_owner\locals~1\temp\cdiskdun.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-30 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-2 41272]
.
=============== Created Last 30 ================
.
2011-08-03 03:14:54 345600 ----a-w- c:\windows\system32\audiodev32.dll
2011-08-02 22:36:43 -------- d-----w- c:\documents and settings\hp_owner\application data\Malwarebytes
2011-08-02 22:36:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 22:36:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-02 22:36:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 22:36:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 17:16:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-30 17:16:01 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-30 17:16:01 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-30 17:16:01 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-30 17:16:01 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-30 17:16:01 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-30 17:16:01 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-30 17:16:01 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-30 17:16:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-30 17:16:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-28 23:46:48 0 ---ha-w- c:\documents and settings\hp_owner\tlbkepswgk.tmp
2011-07-28 21:42:23 764928 ----a-w- c:\windows\system32\iplPX32.exe
2011-07-28 21:42:22 161280 ----a-w- c:\windows\system32\ksuser32.dll
2011-07-28 21:42:19 764928 ----a-w- c:\windows\system32\utildll32.exe
2011-07-26 06:19:23 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{fc97f8a1-8b9d-4083-86e1-8286a6cf05d0}\mpengine.dll
.
==================== Find3M ====================
.
2011-06-07 15:12:57 85600 ----a-w- c:\windows\~GLC0002.TMP
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:42:39.06 ===============
_____________________________________________________________
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/21/2005 6:51:47 PM
System Uptime: 8/2/2011 11:15:31 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish2
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 90.23 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.593 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Agere Systems PCI Soft Modem
Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&2E9A5DB2&0&28F0
Manufacturer: Agere
Name: Agere Systems PCI Soft Modem
PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&2E9A5DB2&0&28F0
Service: Modem
.
==== System Restore Points ===================
.
RP2340: 7/17/2011 11:37:15 PM - System Checkpoint
RP2341: 3/18/2011 9:01:25 PM - System Checkpoint
RP2342: 3/19/2011 2:28:19 AM - Software Distribution Service 3.0
RP2343: 3/20/2011 3:43:20 AM - System Checkpoint
RP2344: 3/21/2011 4:28:45 AM - System Checkpoint
RP2345: 3/22/2011 2:28:26 AM - Software Distribution Service 3.0
RP2346: 3/23/2011 3:06:55 AM - System Checkpoint
RP2347: 3/24/2011 3:18:50 AM - System Checkpoint
RP2348: 3/25/2011 2:28:20 AM - Software Distribution Service 3.0
RP2349: 3/26/2011 3:18:59 AM - System Checkpoint
RP2350: 3/27/2011 4:30:57 AM - System Checkpoint
RP2351: 3/28/2011 5:42:57 AM - System Checkpoint
RP2352: 3/29/2011 2:28:21 AM - Software Distribution Service 3.0
RP2353: 3/30/2011 2:42:57 AM - System Checkpoint
RP2354: 3/31/2011 4:44:25 AM - System Checkpoint
RP2355: 4/1/2011 2:28:21 AM - Software Distribution Service 3.0
RP2356: 4/2/2011 3:30:58 AM - System Checkpoint
RP2357: 4/3/2011 4:18:57 AM - System Checkpoint
RP2358: 4/4/2011 3:00:17 AM - Software Distribution Service 3.0
RP2359: 4/5/2011 3:51:03 AM - System Checkpoint
RP2360: 4/5/2011 10:52:24 AM - Software Distribution Service 3.0
RP2361: 4/6/2011 4:33:55 PM - System Checkpoint
RP2362: 4/7/2011 4:41:07 PM - System Checkpoint
RP2363: 4/8/2011 2:31:22 PM - Software Distribution Service 3.0
RP2364: 4/9/2011 4:06:46 PM - System Checkpoint
RP2365: 4/10/2011 5:51:16 PM - System Checkpoint
RP2366: 4/11/2011 6:41:47 PM - System Checkpoint
RP2367: 4/12/2011 2:51:27 PM - Software Distribution Service 3.0
RP2368: 4/13/2011 3:00:37 AM - Software Distribution Service 3.0
RP2369: 4/14/2011 3:36:53 AM - System Checkpoint
RP2370: 4/15/2011 1:46:17 AM - Software Distribution Service 3.0
RP2371: 4/16/2011 2:24:53 AM - System Checkpoint
RP2372: 4/17/2011 3:12:53 AM - System Checkpoint
RP2373: 4/18/2011 3:37:22 AM - System Checkpoint
RP2374: 4/20/2011 3:12:17 PM - Software Distribution Service 3.0
RP2375: 4/21/2011 3:00:17 AM - Software Distribution Service 3.0
RP2376: 4/22/2011 2:08:15 AM - Software Distribution Service 3.0
RP2377: 4/23/2011 2:58:09 AM - System Checkpoint
RP2378: 4/24/2011 4:46:11 AM - System Checkpoint
RP2379: 4/25/2011 6:45:08 AM - System Checkpoint
RP2380: 4/26/2011 2:08:21 AM - Software Distribution Service 3.0
RP2381: 4/27/2011 3:00:17 AM - Software Distribution Service 3.0
RP2382: 4/28/2011 4:47:44 AM - System Checkpoint
RP2383: 4/29/2011 2:08:21 AM - Software Distribution Service 3.0
RP2384: 4/30/2011 2:23:50 AM - System Checkpoint
RP2385: 5/1/2011 2:46:15 AM - System Checkpoint
RP2386: 5/2/2011 3:33:16 AM - System Checkpoint
RP2387: 5/3/2011 2:08:19 AM - Software Distribution Service 3.0
RP2388: 5/3/2011 3:47:13 PM - Norton_Power_Eraser_20110503154706968
RP2389: 5/4/2011 4:20:42 PM - System Checkpoint
RP2390: 5/5/2011 7:25:47 PM - System Checkpoint
RP2391: 5/6/2011 2:18:16 AM - Software Distribution Service 3.0
RP2392: 5/7/2011 2:47:46 AM - System Checkpoint
RP2393: 5/8/2011 7:15:43 AM - System Checkpoint
RP2394: 5/9/2011 7:24:45 AM - System Checkpoint
RP2395: 5/10/2011 2:18:24 AM - Software Distribution Service 3.0
RP2396: 5/11/2011 3:00:32 AM - Software Distribution Service 3.0
RP2397: 5/12/2011 4:35:46 AM - System Checkpoint
RP2398: 5/13/2011 2:18:23 AM - Software Distribution Service 3.0
RP2399: 5/14/2011 2:23:50 AM - System Checkpoint
RP2400: 5/15/2011 3:35:50 AM - System Checkpoint
RP2401: 5/16/2011 5:13:49 AM - System Checkpoint
RP2402: 5/17/2011 2:18:24 AM - Software Distribution Service 3.0
RP2403: 5/18/2011 3:23:50 AM - System Checkpoint
RP2404: 5/19/2011 3:47:49 AM - System Checkpoint
RP2405: 5/20/2011 2:18:21 AM - Software Distribution Service 3.0
RP2406: 5/21/2011 3:35:54 AM - System Checkpoint
RP2407: 5/22/2011 4:23:54 AM - System Checkpoint
RP2408: 5/23/2011 8:03:21 AM - System Checkpoint
RP2409: 5/24/2011 2:18:06 AM - Software Distribution Service 3.0
RP2410: 5/25/2011 2:22:35 AM - System Checkpoint
RP2411: 5/26/2011 2:59:55 AM - System Checkpoint
RP2412: 5/27/2011 8:55:52 AM - System Checkpoint
RP2413: 5/27/2011 9:29:59 AM - Software Distribution Service 3.0
RP2414: 5/28/2011 9:38:21 AM - System Checkpoint
RP2415: 5/29/2011 11:47:01 AM - System Checkpoint
RP2416: 5/30/2011 11:59:55 AM - System Checkpoint
RP2417: 5/31/2011 2:18:22 AM - Software Distribution Service 3.0
RP2418: 6/1/2011 2:47:54 AM - System Checkpoint
RP2419: 6/2/2011 3:59:53 AM - System Checkpoint
RP2420: 6/3/2011 2:18:06 AM - Software Distribution Service 3.0
RP2421: 6/4/2011 2:28:19 AM - System Checkpoint
RP2422: 6/5/2011 2:36:02 AM - System Checkpoint
RP2423: 6/6/2011 3:12:02 AM - System Checkpoint
RP2424: 6/7/2011 2:18:28 AM - Software Distribution Service 3.0
RP2425: 6/8/2011 3:12:03 AM - System Checkpoint
RP2426: 6/9/2011 4:48:02 AM - System Checkpoint
RP2427: 6/10/2011 2:10:17 AM - Software Distribution Service 3.0
RP2428: 6/11/2011 2:48:50 AM - System Checkpoint
RP2429: 6/12/2011 4:34:47 AM - System Checkpoint
RP2430: 6/13/2011 4:46:18 AM - System Checkpoint
RP2431: 6/14/2011 2:10:21 AM - Software Distribution Service 3.0
RP2432: 6/15/2011 5:32:41 AM - System Checkpoint
RP2433: 6/16/2011 3:00:36 AM - Software Distribution Service 3.0
RP2434: 6/17/2011 2:05:19 AM - Software Distribution Service 3.0
RP2435: 6/18/2011 3:32:47 AM - System Checkpoint
RP2436: 6/19/2011 5:39:33 AM - System Checkpoint
RP2437: 6/20/2011 8:03:50 AM - System Checkpoint
RP2438: 6/21/2011 2:05:32 AM - Software Distribution Service 3.0
RP2439: 6/22/2011 4:46:04 PM - System Checkpoint
RP2440: 6/23/2011 5:33:50 PM - System Checkpoint
RP2441: 6/24/2011 2:05:24 AM - Software Distribution Service 3.0
RP2442: 6/25/2011 8:29:56 AM - System Checkpoint
RP2443: 6/26/2011 9:04:59 AM - System Checkpoint
RP2444: 6/27/2011 10:03:11 AM - System Checkpoint
RP2445: 6/28/2011 2:05:12 AM - Software Distribution Service 3.0
RP2446: 6/29/2011 3:00:17 AM - Software Distribution Service 3.0
RP2447: 6/30/2011 3:34:00 AM - System Checkpoint
RP2448: 7/1/2011 2:28:26 AM - Software Distribution Service 3.0
RP2449: 7/2/2011 3:10:00 AM - System Checkpoint
RP2450: 7/3/2011 3:22:00 AM - System Checkpoint
RP2451: 7/4/2011 3:46:04 AM - System Checkpoint
RP2452: 7/5/2011 2:28:17 AM - Software Distribution Service 3.0
RP2453: 7/6/2011 2:46:04 AM - System Checkpoint
RP2454: 7/7/2011 3:34:03 AM - System Checkpoint
RP2455: 7/8/2011 2:28:15 AM - Software Distribution Service 3.0
RP2456: 7/9/2011 3:10:04 AM - System Checkpoint
RP2457: 7/10/2011 3:48:03 AM - System Checkpoint
RP2458: 7/11/2011 4:10:07 AM - System Checkpoint
RP2459: 7/12/2011 2:28:27 AM - Software Distribution Service 3.0
RP2460: 7/13/2011 3:00:29 AM - Software Distribution Service 3.0
RP2461: 7/14/2011 3:39:44 AM - System Checkpoint
RP2462: 7/15/2011 2:08:21 AM - Software Distribution Service 3.0
RP2463: 7/16/2011 2:51:45 AM - System Checkpoint
RP2464: 7/17/2011 3:20:41 AM - System Checkpoint
RP2465: 7/18/2011 3:27:49 AM - System Checkpoint
RP2466: 7/19/2011 4:39:49 AM - System Checkpoint
RP2467: 7/19/2011 9:25:11 PM - Software Distribution Service 3.0
RP2468: 7/20/2011 10:37:04 PM - System Checkpoint
RP2469: 7/22/2011 1:14:04 AM - System Checkpoint
RP2470: 7/22/2011 2:19:28 AM - Software Distribution Service 3.0
RP2471: 7/23/2011 2:34:36 AM - System Checkpoint
RP2472: 7/24/2011 2:46:37 AM - System Checkpoint
RP2473: 7/25/2011 4:58:48 AM - System Checkpoint
RP2474: 7/26/2011 2:19:19 AM - Software Distribution Service 3.0
RP2475: 7/27/2011 4:11:13 AM - System Checkpoint
RP2476: 7/28/2011 4:58:40 AM - System Checkpoint
RP2477: 7/28/2011 7:36:15 PM - Software Distribution Service 3.0
RP2478: 7/28/2011 7:48:10 PM - Removed Star Wars®: Knights of the Old Republic (TM)
RP2479: 7/29/2011 2:19:19 AM - Software Distribution Service 3.0
RP2480: 7/29/2011 5:16:57 AM - Software Distribution Service 3.0
RP2481: 7/29/2011 11:10:55 PM - Software Distribution Service 3.0
RP2482: 7/30/2011 2:18:21 AM - Software Distribution Service 3.0
RP2483: 7/30/2011 12:49:17 PM - Removed Business Contact Manager for Outlook 2003
RP2484: 7/30/2011 12:52:54 PM - Removed Google Earth Plug-in.
RP2485: 7/30/2011 12:54:50 PM - Removed Microsoft Money Shared Libraries
RP2486: 7/30/2011 7:54:26 PM - Software Distribution Service 3.0
RP2487: 7/31/2011 1:41:21 AM - Software Distribution Service 3.0
RP2488: 7/31/2011 2:39:52 PM - Software Distribution Service 3.0
RP2489: 8/1/2011 1:41:21 AM - Software Distribution Service 3.0
RP2490: 8/1/2011 10:13:42 AM - Software Distribution Service 3.0
RP2491: 8/2/2011 1:42:14 AM - Software Distribution Service 3.0
RP2492: 8/2/2011 8:06:49 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1600
1600_Help
1600Trb
3ivx MPEG-4 5.0.3 (remove only)
Adobe Acrobat 5.0
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Airport Mania
AppCore
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft PhotoPrinter 5
ArcSoft TotalMedia Backup
Boggle Supreme
Bonjour
Bonus
BufferChm
CameraDrivers
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
CCScore
CIB
Compatibility Pack for the 2007 Office system
Component Framework
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
Creating Keepsakes Scrapbook Designer
CreativeProjects
CreativeProjectsTemplates
CueTour
DB CIF Cam
Dell Digital Jukebox Driver
Destinations
Director
DocProc
DocumentViewer
Easy MPEG/AVI/DIVX/WMV/RM to DVD 2.0.17
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fax
fflink
FlipShare
GdiplusUpgrade
Google Update Helper
Help and Support Additions
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Image Zone Plus 4.2.3
HP Organize
HP Photosmart Cameras 4.0
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPIZ423
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
Intellisync Lite
InterActual Player
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Jobulator
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Host Checker
Juniper Terminal Services Client
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
LeapFrog Connect
LeapFrog Tag Plugin
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LP_Flash
LS_HSI
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 5.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 3.5 magicMoments - HPD
netbrdg
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OfotoXMI
OverDrive Media Console
PanoStandAlone
Pharaoh and Cleopatra
PhotoGallery
PictureGear 4.6Lite
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Registry Mechanic 10.0
Roblox for HP_Owner
Safari
Sandlot Games Client Services
Scan
ScannerCopy
sd_gs_saver1 Screen Saver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
SFR
SFR2
SHASTA
skin0001
SkinsHP1
SKINXSDK
Skype Toolbars
Skype™ 5.0
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
SPBBC 32bit
staticcr
Super Collapse II
Symantec Real Time Storage Protection Component
SymNet
TomTom HOME 2.5.1.36
tooltips
TrayApp
Unity Web Player
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Updates from HP
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VPRINTOL
WebFldrs XP
WebIQ Client Software
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
World of Warcraft
Write Me a Memory Font CD
ZoomTown Software
.
==== Event Viewer Messages From Past Week ========
.
8/2/2011 6:54:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP viaagp1
8/2/2011 1:42:47 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.109.869.0).
7/30/2011 12:58:46 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
7/30/2011 12:36:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FlipShare Server service to connect.
7/30/2011 12:36:32 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/30/2011 12:36:17 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 2:19:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.109.625.0).
.
==== End Of File ===========================

 

[lawrierl]

Update

Hi! I am not pressuring you in any way, but I don't want my thread to be closed so I just wanted to give you an update on my status. I will be monitoring this site today but I will be unavailable after today until August 14. We are still having this problem so I want to continue working with you. I am hoping this will prevent my thread from being closed. Thanks!

Becky

 

[Bobbye]

Thank you Becky. I'll leave a note at the end to keep the thread open.

Please remove all of these from the Trusted Zone:
Trusted Zone: fredericks.com\secureweb
Trusted Zone: limewire.com\www
Trusted Zone: weightwatchers.com\www
Nothing needs to be in this zone. It's a marketing ploy to allow promotional and other mail from them into the system. The security is lower in this zone- and you most surely don't want LimeWire there!
=====================================
P2P Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. The use of LimeWire and any pther file sharing program will assure you of malware. I suggest that you uninstall LimeWire for the following reasons:

• As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
• Malware writers use these program to include malicious content.
• File sharing is usually unmonitored and there is a danger that your private files might be accessed.
• The 'sharing' also includes malware that the shared system has on it.
• Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
=========================================
You have 6 outdated versions of Java- all vulnerabilities
The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that
  a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
Do this after you have run JavaRa and then updated Java and rebooted
You will most surely have malware in the Java cache, so you should go ahead and empty it:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
=========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================================
Please leave the Combofix log in your next reply.

(OT- leave open 8/14)

 

[lawrierl]

Here is the Combofix log! Thanks for the help!!!
Becky

ComboFix 11-08-15.04 - HP_Owner 08/14/2011 15:44:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1189 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\020000002c69f2791406C.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406O.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406P.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406S.manifest
.
---- Previous Run -------
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\extensions\{5d0e1cad-c768-4012-b7be-553f1bbdfae2}
c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\extensions\{5d0e1cad-c768-4012-b7be-553f1bbdfae2}\chrome.manifest
c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\extensions\{5d0e1cad-c768-4012-b7be-553f1bbdfae2}\chrome\xulcache.jar
c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\extensions\{5d0e1cad-c768-4012-b7be-553f1bbdfae2}\defaults\preferences\xulcache.js
c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\extensions\{5d0e1cad-c768-4012-b7be-553f1bbdfae2}\install.rdf
c:\documents and settings\HP_Owner\tlbkepswgk.tmp
c:\documents and settings\HP_Owner\WINDOWS
c:\documents and settings\LocalService\Application Data\020000002c69f2791406C.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406O.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406P.manifest
c:\documents and settings\LocalService\Application Data\020000002c69f2791406S.manifest
c:\program files\Common
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Imgtask.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\no
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 18:49 . 2011-08-14 18:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-14 13:03 . 2011-08-14 13:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-14 13:03 . 2011-08-14 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-08-14 13:03 . 2011-08-14 13:03 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-14 00:38 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-14 00:37 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 03:48 . 2011-08-14 18:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-03 03:48 . 2011-08-14 18:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-03 03:14 . 2011-08-03 03:14 345600 ----a-w- c:\windows\system32\audiodev32.dll
2011-08-02 22:36 . 2011-08-02 22:36 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2011-08-02 22:36 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 22:36 . 2011-08-02 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-02 22:36 . 2011-08-02 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 22:36 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 17:16 . 2011-07-08 07:16 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-30 17:16 . 2011-07-08 07:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-30 17:16 . 2011-07-08 07:16 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-30 17:16 . 2011-07-08 07:16 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-30 17:16 . 2011-07-08 07:16 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-30 17:16 . 2011-07-08 07:16 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-30 17:16 . 2011-07-08 07:16 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-30 17:16 . 2011-07-08 07:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-30 17:16 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-30 17:16 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-29 23:04 . 2011-07-29 23:07 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2011-07-28 21:42 . 2011-07-28 21:42 764928 ----a-w- c:\windows\system32\iplPX32.exe
2011-07-28 21:42 . 2011-07-28 21:42 161280 ----a-w- c:\windows\system32\ksuser32.dll
2011-07-28 21:42 . 2011-07-28 21:42 764928 ----a-w- c:\windows\system32\utildll32.exe
2011-07-26 06:19 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC97F8A1-8B9D-4083-86E1-8286A6CF05D0}\mpengine.dll
2011-07-21 19:49 . 2011-07-21 19:49 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-11-03 18:50 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2009-07-19 19:25 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2004-11-03 18:50 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-11-03 18:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-11-03 18:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-11-03 18:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-11-03 18:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-11-03 18:50 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-11-03 18:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-07 15:12 . 2011-06-07 15:12 85600 ----a-w- c:\windows\~GLC0002.TMP
2011-06-02 14:02 . 2004-11-03 18:52 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14 . 2009-10-03 01:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-08 07:16 . 2011-07-30 17:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_19.17.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 19:31 . 2011-08-14 19:31 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [BU]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"IcoSet"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 2805248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-11-26 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ksuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Jobulator.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Jobulator.lnk
backup=c:\windows\pss\Jobulator.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-21 05:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\documents and settings\HP_Owner\Application Data\Facebook\facebook.exe"= c:\documents and settings\HP_Owner\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 6:36 PM 366640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/4/2010 9:06 PM 583640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 winmgmt32;Windows Management Instrumentation ;c:\windows\system32\utildll32.exe [7/28/2011 5:42 PM 764928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2011 12:33 PM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2011 6:36 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2009 12:01 AM 133104]
S2 gupdate1ca10ca6b58e3ca;Google Update Service (gupdate1ca10ca6b58e3ca);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2009 12:01 AM 133104]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\cdiskdun.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [6/19/2007 2:21 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2009 12:01 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/2/2011 6:36 PM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 04:01]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 04:01]
.
2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-08-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
2011-08-14 c:\windows\Tasks\User_Feed_Synchronization-{127E4DCF-4630-4D04-9455-45FB47CD677A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.200.1
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://www.tastefullysimple.com/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=u4mpvyiw2mxh4evipiyexs45&ControlID=25dfa460a683442fb73ea5f3e6c68b21&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} - hxxp://www.dynacal.com/wyncs/Wyncs.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n7jm6atz.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{83d96ed0-98aa-4515-8ddc-816f3efdd104} - c:\program files\InstallShield Installation Information\{83d96ed0-98aa-4515-8ddc-816f3efdd104}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2350988805-2725598575-1874813117-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-08-14 16:03:27
ComboFix-quarantined-files.txt 2011-08-14 20:03
.
Pre-Run: 95,663,284,224 bytes free
Post-Run: 95,190,462,464 bytes free
.
- - End Of File - - 61FD5C76C99BBCBBE590251C8CCE83D6

 

[Bobbye]

Sorry- running a bit behind.

I strongly recommend that you go through the addons and remove or disable as many as you can. All or most of these are Active X Objects. Each can be a vulnerability to the system. It appears that media and photo imaging are high on your list- that's okay but having so many of these type is not good for a healthy system.

You have 38 addons, most Active X. Do you really need all of these for features for:
costcophotocenter.com
offers.e-centives.com
Pinecone Research: gathering consumer opinion
/images3.pnimedia.com/ProductAssets/costcous: photo uload
Tastefully Simple: food & gifts
Kroger
Cosco, etc
---------
Please sign on to the Administrator account> open IE> Tools> Manage addons>> there are 2 categories> 1 addons now on system and 2. addons previously on system. Look through bot sections be clicking on the arrow point to the right of the dialog box. Remove or disable as many as you can. It's easy to see by some of the sites you're visiting how you're picking adware/spyware/ other malware, up.
========================================
I'd like you to run the following> be sure to check the line for removal> paste the log in next reply. I will have you reset the Cookies to prevent the Tracking Cookies.

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
======================================
Another consideration: using the FlipShareServer allows you to put video on social media sites. If you in turn are also receiving media from same, note that this is file sharing and a danger to the system.
=======================================
Are you aware that you also have the McAfee Security scan running? If Norton is the AV, you need to remove McAfee: McAfee Removal
=====================================
You also have multiple auto-updaters set to run on Startup. The only auto-updater that need to be on Startup is the AV program and it's firewall if there is one.

Script to follow after I see the SAS log.

 

[lawrierl]

maybe a stupid question...

I am going into my add-ons and not seeing those you mention. I am not sure if I am actually logging onto the administrator account. I assume I am not. Can you direct me on how to make sure I am in the administrator account?

Thanks,
Becky

 

[lawrierl]

Administrator Account

I went into the Control Panel and saw that I only have the one user account that is an administrator account. So I am assuming that I am always logged on as an administrator.
I went back into the add-ons in IE. While the sites you listed look familiar to me, I don't see them in my add-ons. Can you help me figure out why? I am going to go on and run the next step of the Super AntiSpyware program.

Becky

 

[lawrierl]

The Super AntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2011 at 11:04 PM

Application Version : 5.0.1118

Core Rules Database Version : 7585
Trace Rules Database Version: 5397

Scan type : Complete Scan
Total Scan Time : 01:25:05

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 634
Memory threats detected : 2
Registry items scanned : 38705
Registry threats detected : 14
File items scanned : 77925
File threats detected : 254

Adware.180solutions/Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@a1.interclick[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertise[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bizzclick[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@imrworldwide[3].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@interclick[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@invitemedia[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@lucidmedia[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media6degrees[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediabrandsww[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.find-fast-answers[2].txt
C:\Documents and Settings\HP_Owner\Cookies\XPG68Z0M.txt
C:\Documents and Settings\HP_Owner\Cookies\O4X9ZKRD.txt
C:\Documents and Settings\HP_Owner\Cookies\UEMM64N0.txt
C:\Documents and Settings\HP_Owner\Cookies\7VT4FOXJ.txt
C:\Documents and Settings\HP_Owner\Cookies\BP6Y2ST1.txt
C:\Documents and Settings\HP_Owner\Cookies\3XWF3PZV.txt
C:\Documents and Settings\HP_Owner\Cookies\DW27RG2O.txt
C:\Documents and Settings\HP_Owner\Cookies\R2IJKTZO.txt
C:\Documents and Settings\HP_Owner\Cookies\2USMZIY4.txt
C:\Documents and Settings\HP_Owner\Cookies\FNW15EL0.txt
C:\Documents and Settings\HP_Owner\Cookies\G67TZ9QH.txt
mediacast.realgravity.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LVFRMS23 ]
mediasuite.multicastmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LVFRMS23 ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
bridge1.admarketplace.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.admarketplace.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
segment-pixel.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
va.px.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
moodle.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
www.find-fast-answers.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
track.napprd.netshelter.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickbooth.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
jmp.clickbooth.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
adserver.brownpublishing.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
adserver.brownpublishing.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
adserver.brownpublishing.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
stats.peopletopeople.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
stats.peopletopeople.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ewstv.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.generalelectric.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.bizzclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
www.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.countryday.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7JM6ATZ.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen
HKLM\System\ControlSet001\Services\WINMGMT32
C:\WINDOWS\SYSTEM32\UTILDLL32.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_WINMGMT32
HKLM\System\ControlSet003\Services\WINMGMT32
HKLM\System\ControlSet003\Enum\Root\LEGACY_WINMGMT32
HKLM\System\CurrentControlSet\Services\WINMGMT32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMGMT32
C:\WINDOWS\SYSTEM32\UTILDLL32.EXE
C:\WINDOWS\SYSTEM32\IPLPX32.EXE
C:\WINDOWS\SYSTEM32\IPLPX32.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP2507\A0174058.EXE
C:\WINDOWS\Prefetch\IPLPX32.EXE-16F14C32.pf

 

[Bobbye]

About the entries in SAS:
1. Dis you check the box in SAS for removal of the entries it finds? This is similar to the line in Mbam. If you did notu did not check it, run SAS again with the box checked for removal.
2. There is only 1 name for user in the Tracking Cookies: it is HP_Owner
3. The Tracking Cookies are the usual internet junk found on every site. But it clearly shows you are set to accept 3rd party Cookies and we need to change that. All the these are in Firefox, but please also follow the reset for Internet Explorer:
Reset Cookies

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus[
Easy Listhttp://easylist.adblockplus.org/

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Chrome if you decide to use this browser at some point: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=========================================
Delete the prefetch files: I like to use Windows explorer to do this and the files are easily accessible:
These are hidden files: Show Hidden Folders/Files

• Open My Computer.
  [*] Go to Tools > Folder Options.
  [*] Select the View tab.
  [*] Scroll down to Hidden files and folders.
  [*] Select Show hidden files and folders.
  [*] Uncheck Hide extensions of known file types.
  [*] UncheckHide protected operating system files (Recommended).
  [*] Click Yes when prompted.
  [*] Click OK.
  [*] Close My Computer.
  • 
    Here's an easy way to delete your prefetch -- Automatically!!
    1. 
       [1]. Go into My Computer> Local Drive (C)
       [2]. Right-click anywhere that a file is not and select the 'New' submenu and click 'Text Document'
       
       [3]. Name it deleteprefetch=
       [4]. Double-click on the text file you just created.
       5.] Type del C:\Windows\Prefetch\*.* /Q
       []6. Go to File > Save As... and choose "All Files" from the "Save as Type" box and save it as deleteprefetch.bat
       [7]. You just created a batch file that will automatically delete all the files in your Prefetch folder. Congrats.
    
    Reset Hidden/System Files & Folders
    ==========================================
    For removing the adons, but sure to look in both locations in this Ma nags addons, you will have to check both sections of the dialog box..