72 replies to this topic

[threeputt]

You helped me last year and I got infected again. I am signing in at my Dads account because I do not have that email address anymore. I have tried to run the gmer and it rebooted the computer. I tried to find it in safe mode and it did not show up. I can just wipe it clean if you think thats what I need to do. I have the Toshiba recovery disk to do that. This laptop runs so slow so I am posting this at another computer right now. I disabled the Microsoft antivirus for now and run a scan at ESET. It is running and has been for a few hours. I think it will take all night to scan so if we need to do the other steps please let me know. Thanks

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_26
Run by Cade The Man at 19:57:34 on 2011-09-27
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.1055 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100626,6683,0,6,0
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
TCP: Interfaces\{646031D7-83A9-4B91-BAD5-FEF18D3436E8} : DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
TCP: Interfaces\{EE5C7C68-C3F8-47D6-A98C-ABF7998BAE13} : DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cade the man\appdata\roaming\mozilla\firefox\profiles\rngaf3hb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2442061&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ANT&o=102821&locale=en_US&apn_uid=315694F1-A5E2-459E-BE6D-94E5B6C339BA&apn_ptnrs=4N&apn_sauid=3EAF863B-4900-4FF4-AF59-9BB3472EC251&apn_dtid=YYYYYYYYUS&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cade the man\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\cade the man\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\cade the man\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-19 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-8 47640]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-1-15 6016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9952199440140;Google Update Service (gupdate1c9952199440140);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\drivers\secbulk.sys [2007-10-3 10430]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-27 23:40:32 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1330867f-cead-4ce3-a678-7820f546f0fc}\offreg.dll
2011-09-27 22:34:47 -------- d-----w- c:\users\cade the man\appdata\local\{D3629111-CCC4-48D6-BF55-C82028C9A8BA}
2011-09-27 22:34:38 -------- d-----w- c:\users\cade the man\appdata\local\{D5CCFA6B-7F45-47CD-A383-163166D611C0}
2011-09-27 01:37:19 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1330867f-cead-4ce3-a678-7820f546f0fc}\mpengine.dll
2011-09-27 01:30:45 -------- d-----w- c:\users\cade the man\appdata\local\{CB529382-1F09-4D6D-8116-90029AA1AAE3}
2011-09-27 01:30:40 -------- d-----w- c:\users\cade the man\appdata\local\{0CB19DFC-B0A8-49C9-95F0-4237C515843E}
2011-09-27 00:51:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-27 00:27:38 -------- d-----w- c:\users\cade the man\appdata\local\{E9923377-BC51-4CE7-B8F6-173239C4E155}
2011-09-21 12:50:13 -------- d-----w- c:\users\cade the man\appdata\local\{80058A05-2D27-4F21-AAF6-4DC0F3A238F5}
2011-09-21 12:49:52 -------- d-----w- c:\users\cade the man\appdata\local\{9A6835E9-283F-4E21-AAE9-57AA98895F73}
2011-09-19 20:30:01 -------- d-----w- c:\users\cade the man\appdata\local\{4C55FEA4-D316-40CF-A775-13174E83C25B}
2011-09-19 20:29:47 -------- d-----w- c:\users\cade the man\appdata\local\{0B94BCBD-06C6-41BB-8F34-06D1329BA577}
2011-09-19 16:14:11 -------- d-----w- c:\users\cade the man\appdata\local\{82495918-1C16-4564-BE65-A56D13D39F0B}
2011-09-19 16:13:55 -------- d-----w- c:\users\cade the man\appdata\local\{EBB9D905-D953-437E-BB55-3AF7BC611398}
2011-09-18 12:33:45 -------- d-----w- c:\users\cade the man\appdata\local\{2E47A3AC-8A8E-4D7A-908D-8CE445164233}
2011-09-18 12:33:38 -------- d-----w- c:\users\cade the man\appdata\local\{2C4CBC8A-5390-4CC9-9BC3-98F75D6D2125}
2011-09-16 08:16:06 -------- d-----w- c:\users\cade the man\appdata\local\{012D9DC1-AAB3-41B4-B201-89B554C4E28A}
2011-09-16 08:16:00 -------- d-----w- c:\users\cade the man\appdata\local\{7CBC008C-EF16-4841-8998-9DF1DEACD35F}
2011-09-16 08:10:36 0 ---ha-w- c:\users\cade the man\appdata\local\BITE8E.tmp
2011-09-15 17:01:46 -------- d-----w- c:\users\cade the man\appdata\local\{67580C86-F9E8-4319-BDEA-6D41F4C1663B}
2011-09-15 17:01:42 -------- d-----w- c:\users\cade the man\appdata\local\{1D676756-ADBC-4313-BB2B-CDE509137FB9}
2011-09-15 00:33:00 -------- d-----w- c:\users\cade the man\appdata\local\{55C31BD8-F23A-4A76-9C3A-86EC1F292D3E}
2011-09-15 00:32:57 -------- d-----w- c:\users\cade the man\appdata\local\{86BC4842-F6FC-4A77-8969-428F079D6B2E}
2011-09-13 15:02:49 -------- d-----w- c:\users\cade the man\appdata\local\{34AC416B-5407-4CF8-9A64-1E043F243490}
2011-09-13 15:02:35 -------- d-----w- c:\users\cade the man\appdata\local\{2745C1C0-A88A-4E82-A52D-73A06CF37030}
2011-09-12 00:54:01 -------- d-----w- c:\users\cade the man\appdata\local\{7B77B1C2-B33A-4382-810B-CEA3EEF42462}
2011-09-12 00:53:47 -------- d-----w- c:\users\cade the man\appdata\local\{210C82A8-75BE-4EE9-B5AE-D35C879AF94A}
2011-09-11 00:09:46 -------- d-----w- c:\users\cade the man\appdata\local\{5235D285-4C47-43DC-8C54-C05AB6FB99F1}
2011-09-11 00:09:37 -------- d-----w- c:\users\cade the man\appdata\local\{572E3F43-6B82-455C-B8B6-1A21C079B3C6}
2011-09-10 12:34:11 -------- d-----w- c:\users\cade the man\appdata\local\{40376A5B-B02D-469F-A088-8860F002EC2D}
2011-09-10 12:33:59 -------- d-----w- c:\users\cade the man\appdata\local\{D7C52441-6350-4D4E-BD17-BC371967557C}
2011-09-06 20:50:49 -------- d-----w- c:\users\cade the man\appdata\local\{4B35D0ED-5D3E-440E-B0A0-4DBFB353339B}
2011-09-06 20:50:31 -------- d-----w- c:\users\cade the man\appdata\local\{D37C9FC0-E754-499E-9B99-FB6671B7B5B6}
2011-09-05 01:45:28 -------- d-----w- c:\users\cade the man\appdata\local\{D1413948-B9EC-47EB-BF24-B80FECC1D28A}
2011-09-05 01:45:14 -------- d-----w- c:\users\cade the man\appdata\local\{65180942-5F92-4427-8A86-F9F23014832C}
2011-09-02 15:43:03 -------- d-----w- c:\users\cade the man\appdata\local\{459E1B66-610C-45A5-98C0-BA5953F3BE90}
2011-09-02 15:42:37 -------- d-----w- c:\users\cade the man\appdata\local\{87AB6E14-D995-4D7A-AD9A-C4428D19EE00}
2011-09-01 13:18:05 -------- d-----w- c:\users\cade the man\appdata\local\{98A8694C-DFC7-49D6-A894-0A6DF9D5A36A}
2011-09-01 13:18:00 -------- d-----w- c:\users\cade the man\appdata\local\{D9CF1DB3-D17B-47EF-A711-2CAF2ED52BFD}
2011-08-29 03:30:20 -------- d-----w- c:\users\cade the man\appdata\local\{BF5FB38F-4E3A-4FAF-BF0E-77996994C618}
2011-08-29 03:28:41 -------- d-----w- c:\users\cade the man\appdata\local\{B0729EEE-057A-45B9-960C-5710793DDB18}
.
==================== Find3M ====================
.
2011-09-27 01:32:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 19:59:35.79 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2007 4:38:19 PM
System Uptime: 9/27/2011 6:48:26 PM (1 hours ago)
.
Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Intel® Core™2 CPU T5300 @ 1.73GHz | U2E1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 25.583 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 94.48 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
3D Canvas
ACDSee 10 Photo Manager
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Advanced IP Scanner v1.5
AoA DVD Ripper
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Autodesk MapGuide® Viewer ActiveX Control Release 6.5
Bing Bar
Blackhawk Striker 2
Bluetooth Stack for Windows by Toshiba
Bomgar Representative Console [remote.sacsinc.com]
Bonjour
Business Contact Manager for Outlook 2007 SP2
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
CoffeeCup Free HTML Editor
CoffeeCup HTML Editor 2008
ConvertXtoDVD 4.0.12.327
D3DX10
Data Lifeguard Diagnostic for Windows
Desktop Dialer
DHTML Editing Component
Driver Detective
DVD MovieFactory for TOSHIBA
DynoPlex eOffice
emPager Pro
ESET Online Scanner v3
Facebook Plug-In
FATE
Feedback Tool
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HW Illumination 1.21 Beta
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java™ 6 Update 26
JEOPARDY
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft FrontPage Client - English
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Microsoft XML Parser
MioTransfer
MobileMe Control Panel
Monogram Wizard Plus
Monogram Wizard Plus V2.5 R15v
Mozilla Firefox (3.6.21)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix Movie Viewer
NVIDIA Drivers
Nvu 1.0
OGA Notifier 2.0.0048.0
Paint.NET v3.5.8
Protector Suite QL 5.6
QuickTime
Realtek High Definition Audio Driver
SCRABBLE
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skype™ 4.1
SmartDraw VP
Spelling Dictionaries Support For Adobe Reader 8
SPORE™
Station Launcher
Stitch Era 10
SUPERAntiSpyware Free Edition
Sweet Home 3D version 3.0
Synaptics Pointing Device Driver
SyncToy 2.0 Beta
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TransMac version 8.1
UltraVNC v1.0.2
Uniblue SpeedUpMyPC 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Verizon Mobile Broadband Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio .NET Academic 2003 - English
Visual Studio.NET Baseline - English
Weather Message Net
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Messaging
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinDVD for TOSHIBA
WOT for Internet Explorer
Xvid 1.1.3 final uninstall
.
==== End Of File ===========================

[threeputt]

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-27 20:06:40
-----------------------------
20:06:40.132 OS Version: Windows 6.0.6002 Service Pack 2
20:06:40.132 Number of processors: 2 586 0xF02
20:06:40.132 ComputerName: CADEMAN UserName:
20:06:42.737 Initialize success
20:07:12.117 The log file has been saved successfully to "C:\Users\Cade The Man\Desktop\aswMBR.txt"

[Broni]

Which tool you can't run?
GMER?
What happens?

Can you run aswMBR?

What are computer's issues?

[threeputt]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7804
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406
9/26/2011 8:21:32 PM
mbam-log-2011-09-26 (20-21-32).txt
Scan type: Quick scan
Objects scanned: 226966
Time elapsed: 19 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\cade the man\AppData\Local\temp\001c187f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\0696f104.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\06b7e68a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\gdfstr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\temp\intrau3.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Windows\temp\kjghsad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\temporary internet files\Content.IE5\3MBMTD5A\ex[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\temporary internet files\Content.IE5\FQ4PJCWM\ex[1].htm (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\temporary internet files\Content.IE5\H51UY6PQ\ex[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\Desktop\opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\opencloud security\opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\opencloud security\opencloud security.exe (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.

[Broni]

When you have a chance:

Quote

Which tool you can't run?
GMER?
What happens?

Can you run aswMBR?

What are computer's issues?

[threeputt]

The problem is the computer has slowed to a crawl. I added more ram after you helped me last november and it has run great since. Now it is trashed again after the 12 year old played games I think. GMER is the one that would not run. I thought I had posted the aswMBR. Let me go over to the laptop and try again.

[threeputt]

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-27 20:24:33
-----------------------------
20:24:33.291 OS Version: Windows 6.0.6002 Service Pack 2
20:24:33.291 Number of processors: 2 586 0xF02
20:24:33.291 ComputerName: CADEMAN UserName:
20:24:34.196 Initialize success
20:24:38.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
20:24:38.088 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
20:24:38.104 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
20:24:38.104 Disk 1 Vendor: Hitachi_HTS541616J9SA00 SB4OC7DP Size: 152627MB BusType: 3
20:24:40.147 Disk 0 MBR read successfully
20:24:40.147 Disk 0 MBR scan
20:24:40.163 Disk 0 Windows VISTA default MBR code
20:24:40.178 Disk 0 scanning sectors +234434560
20:24:40.241 Disk 0 scanning C:\Windows\system32\drivers
20:24:48.322 Service scanning
20:24:50.381 Modules scanning
20:24:57.713 Disk 0 trace - called modules:
20:24:57.744 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:24:57.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a458e0]
20:24:58.290 3 CLASSPNP.SYS[88dd58b3] -> nt!IofCallDriver -> [0x8448f580]
20:24:58.306 5 acpi.sys[8864a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85216660]
20:24:58.337 Scan finished successfully
20:25:28.226 Disk 0 MBR has been saved successfully to "C:\Users\Cade The Man\Desktop\MBR.dat"
20:25:28.242 The log file has been saved successfully to "C:\Users\Cade The Man\Desktop\aswMBRnew.txt"

[Broni]

Well, it looks like you collected quite a bit, judging from MBAM log alone.

Uninstall Ask Toolbar, typical foistware.

Then....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

============================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  
• An icon will be created on your desktop. Double-click that icon to launch the program.
  
• Super should automatically the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superanti...efinitions.html.)
  
• Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

• Open SUPERAntiSpyware.
  
• Click on "Preferences" button.
  
• Click the "Scanning Control" tab.
  
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  
  • Close browsers before scanning.
• Click the "Home" button to leave the control center screen.
  
• Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  
• Click "Next" to start the scan. Please be patient while it scans your computer.
  
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  
• Make sure everything has a checkmark next to it and click "Next".
  
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  
• If asked if you want to reboot, click "Yes".
  
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  
  • Click Preferences, then click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    
  • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
• Click Close to exit the program.

Post SUPERAntiSpyware log.

[threeputt]

Which tool you can't run?
GMER?
What happens
GMER
The program starts running and then the computer will reboot. It actually runs for about 5 minutes before it restarts. I am sorry for the confusion. I am working between two computers because the laptop runs so slow.

[Broni]

That's fine.
Go ahead with my previous reply.
You can post RKUnhooker log before you proceed with Super.

[threeputt]

running the rootkit unhooker now

[threeputt]

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D80B000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 4452352 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59 )
0x8283F000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x8283F000 PnpManager 3846144 bytes
0x8283F000 RAW 3846144 bytes
0x8283F000 WMIxWDM 3846144 bytes
0x8DDBC000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x990B0000 Win32k 2113536 bytes
0x990B0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E565000 C:\Windows\system32\drivers\RTKVHDA.sys 1736704 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8F408000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x88C0F000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8887B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x889EC000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x884D9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0AF2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA0809000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8DC4A000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DCF6000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E406000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x885B9000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8880A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8840F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA0910000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F705000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xA0A81000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x88EC5000 C:\Windows\system32\drivers\tifm21.sys 311296 bytes (Texas Instruments, tifm21.sys)
0x886EB000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F615000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x88642000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88498000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x88AF1000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x88E5A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E4CB000 C:\Windows\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0x8F6BF000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x889B1000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA0A08000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88D1F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8DD83000 C:\Windows\system32\DRIVERS\yk60x86.sys 233472 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x8E51F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8280C000 ACPI_HAL 208896 bytes
0x8280C000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8E7CA000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x887AD000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F5E3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88FB7000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x88F3E000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8874A000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8E70D000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88986000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E4A1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA08C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA0A59000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88D74000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x88699000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E7A4000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8E73A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F694000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 151552 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x88D9B000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8F531000 C:\Windows\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x88B49000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88DD0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA09C8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F7B3000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x88F96000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA09E9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8878F000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA097D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x88AD6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E789000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x88F11000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA099A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88F78000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0A41000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F760000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x88B32000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F77B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA0AD0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F65D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F5B9000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA09B3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88B80000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88B6C000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F5CF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x88F2B000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA08FD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F681000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88DBF000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E75F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8E554000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8847F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x887DF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F79B000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA08B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88777000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x88EA7000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E48F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88E47000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8E77A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88D65000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x886C0000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x88C00000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x88E98000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x886DC000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x88EB7000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x992F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F673000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F5A2000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8873C000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F7D4000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F524000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8E512000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88635000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x88B95000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xA0BDA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA0BF3000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8F57B000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8DCEA000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x88DFA000 C:\Users\CADETH~1\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x8F7E1000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D800000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88F6D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F597000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x88FF1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x88FE6000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA0BE8000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x88E2B000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DFEB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x886D2000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8E770000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xA0AE8000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x8E508000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA08F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F6FB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA0BD0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F56B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88DF1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F554000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F792000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8F5B0000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x992D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88E36000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88688000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88787000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x88490000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F7EC000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x88E3F000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x8F7AB000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x88691000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F587000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F58F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88D5D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F7F4000 C:\Windows\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x8F564000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F574000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88735000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x88408000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA0800000 C:\Users\CADETH~1\AppData\Local\Temp\mbr.sys 28672 bytes
0x8F55D000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88F90000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F6B9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x99320000 C:\Windows\System32\lmimirr.dll 20480 bytes (LogMeIn, Inc., LogMeIn Mirror Driver)
0x88D58000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8F777000 C:\Windows\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0x88E56000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8DFF8000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x886CF000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x99330000 C:\Windows\System32\lmimirr2.dll 8192 bytes (LogMeIn, Inc., LogMeIn Video Helper)
0x8E49F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DFF6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xA0BE6000 C:\Windows\System32\Drivers\vnccom.SYS 8192 bytes (RDV Soft, VNC Communication)
0x8DFFD000 C:\Windows\system32\DRIVERS\vncdrv.sys 8192 bytes (RDV Soft, Ultravnc Mirror Driver)
0x8DFFC000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================

[Broni]

Looks clean. Go ahead with Super.
Did you uninstall Ask Toolbar?

[threeputt]

superantispyware is running now. Yes I just uninstalled the Ask Toolbar. Not sure how that got installed but its gone now. Back with a log shortly

[Broni]

Ask Toolbar is usually a "drive-by-install".

[threeputt]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/27/2011 at 08:53 PM
Application Version : 5.0.1128
Core Rules Database Version : 7733
Trace Rules Database Version: 5545
Scan type : Quick Scan
Total Scan Time : 00:08:12
Operating System Information
Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 681
Memory threats detected : 0
Registry items scanned : 30732
Registry threats detected : 0
File items scanned : 8918
File threats detected : 525
Adware.Tracking Cookie
C:\Users\Cade The Man\AppData\Roaming\Microsoft\Windows\Cookies\cade_the_man@ad.wsod[1].txt [ /ad.wsod ]
C:\Users\Cade The Man\AppData\Roaming\Microsoft\Windows\Cookies\cade_the_man@ad.wsod[2].txt [ /ad.wsod ]
C:\Users\Cade The Man\AppData\Roaming\Microsoft\Windows\Cookies\cade_the_man@atdmt[2].txt [ /atdmt ]
C:\Users\Cade The Man\AppData\Roaming\Microsoft\Windows\Cookies\cade_the_man@doubleclick[1].txt [ /doubleclick ]
C:\Users\Cade The Man\AppData\Roaming\Microsoft\Windows\Cookies\cade_the_man@eset.122.2o7[1].txt [ /eset.122.2o7 ]
C:\USERS\CADE THE MAN\Cookies\cade_the_man@doubleclick[1].txt [ Cookie:cade the man@doubleclick.net/ ]
C:\USERS\CADE THE MAN\Cookies\cade_the_man@atdmt[2].txt [ Cookie:cade the man@atdmt.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@doubleclick[2].txt [ Cookie:guest@doubleclick.net/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@adecn[1].txt [ Cookie:guest@adecn.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@invitemedia[1].txt [ Cookie:guest@invitemedia.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@msnportal.112.2o7[1].txt [ Cookie:guest@msnportal.112.2o7.net/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@content.yieldmanager[1].txt [ Cookie:guest@content.yieldmanager.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@synacortoshiba.112.2o7[1].txt [ Cookie:guest@synacortoshiba.112.2o7.net/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@realmedia[1].txt [ Cookie:guest@realmedia.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@adbrite[2].txt [ Cookie:guest@adbrite.com/ ]
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\guest@advertising[1].txt [ Cookie:guest@advertising.com/ ]
C:\USERS\GUEST\Cookies\guest@doubleclick[2].txt [ Cookie:guest@doubleclick.net/ ]
C:\USERS\GUEST\Cookies\guest@adecn[1].txt [ Cookie:guest@adecn.com/ ]
C:\USERS\GUEST\Cookies\guest@invitemedia[1].txt [ Cookie:guest@invitemedia.com/ ]
C:\USERS\GUEST\Cookies\guest@msnportal.112.2o7[1].txt [ Cookie:guest@msnportal.112.2o7.net/ ]
C:\USERS\GUEST\Cookies\guest@content.yieldmanager[1].txt [ Cookie:guest@content.yieldmanager.com/ ]
C:\USERS\GUEST\Cookies\guest@synacortoshiba.112.2o7[1].txt [ Cookie:guest@synacortoshiba.112.2o7.net/ ]
C:\USERS\GUEST\Cookies\guest@realmedia[1].txt [ Cookie:guest@realmedia.com/ ]
C:\USERS\GUEST\Cookies\guest@adbrite[2].txt [ Cookie:guest@adbrite.com/ ]
C:\USERS\GUEST\Cookies\guest@advertising[1].txt [ Cookie:guest@advertising.com/ ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ad.doubleclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.thefind.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.thefind.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.thefind.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.thefind.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.thefind.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.timeinc.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
tracking.waterfrontmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ihg.db.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.bravenet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.target.db.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
counter.hitslink.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.walmart.112.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
data.coremetrics.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
d.mediaforge.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.amazonmerchants.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjnyogajgao.stats.esomniture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmicpdpagp.stats.esomniture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
s08.flagcounter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4cmdjicq.stats.esomniture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfmyajcpkdo.stats.esomniture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.stats.ebay.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.granitecountertopbirmingham.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.granitecountertopbirmingham.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.granitecountertopbirmingham.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.granitecountertopbirmingham.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.granitecountertops.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.granitecountertops.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.galleryinsight.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.fedex.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
go.clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
clickscape.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.charter.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
web4.realtracker.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.irwdev.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.causes.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ehg-verizon.hitbox.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ehg-verizon.hitbox.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.hitbox.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.pagetrackr.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.pagetrackr.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkycjajmbq.stats.esomniture.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ppg.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
citi.bridgetrack.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
citi.bridgetrack.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tmobile.db.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.doorknobdiscountcenter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.doorknobdiscountcenter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.doorknobdiscountcenter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.mediaarmor.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
accounts.covers.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.hyundaimotoramerica.122.2o7.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.clickmanage.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.clickmanage.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.viewablemedia.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.shopica.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.find-fast-answers.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
bridge2.admarketplace.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.admarketplace.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
hc2.humanclick.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
counter.surfcounters.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.myaccount.charter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.myaccount.charter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
www.myaccount.charter.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.hitbox.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.ehg-chartercommunications.hitbox.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.kanoodle.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.wjadserver.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]
stats.adotube.com [ C:\USERS\CADE THE MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNGAF3HB.DEFAULT\COOKIES.SQLITE ]

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  
  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• Do not reboot until instructed.
  
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
.

[threeputt]

You are infected with Rootkit zero access , message I got when running combofix. It looks as combofix has stalled. I will wait and see. It may be tomorrow if this takes a while. Back later with more logs

[Broni]

Update me in a while.

[threeputt]

ComboFix 11-09-27.04 - Cade The Man 09/27/2011 21:49:24.3.2 - x86
Running from: c:\users\Cade The Man\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cade The Man\AppData\Local\ApplicationHistory
c:\users\Cade The Man\AppData\Local\ApplicationHistory\devenv.exe.6262e30a.ini
c:\users\Cade The Man\AppData\Local\ApplicationHistory\onplay.exe.6176e337.ini
c:\windows\$NtUninstallKB34713$
c:\windows\$NtUninstallKB34713$\2389153736
c:\windows\$NtUninstallKB34713$\855722855\@
c:\windows\$NtUninstallKB34713$\855722855\bckfg.tmp
c:\windows\$NtUninstallKB34713$\855722855\cfg.ini
c:\windows\$NtUninstallKB34713$\855722855\Desktop.ini
c:\windows\$NtUninstallKB34713$\855722855\keywords
c:\windows\$NtUninstallKB34713$\855722855\kwrd.dll
c:\windows\$NtUninstallKB34713$\855722855\L\fomtmfeh
c:\windows\$NtUninstallKB34713$\855722855\lsflt7.ver
c:\windows\$NtUninstallKB34713$\855722855\U\00000001.@
c:\windows\$NtUninstallKB34713$\855722855\U\00000002.@
c:\windows\$NtUninstallKB34713$\855722855\U\80000000.@
c:\windows\$NtUninstallKB34713$\855722855\U\80000032.@
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SydexFDD
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 03:07 . 2011-09-28 03:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1330867F-CEAD-4CE3-A678-7820F546F0FC}\offreg.dll
2011-09-28 03:04 . 2011-09-28 03:08 -------- d-----w- c:\users\Cade The Man\AppData\Local\temp
2011-09-28 03:04 . 2011-09-28 03:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-09-28 03:04 . 2011-09-28 03:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 03:04 . 2011-09-28 03:04 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-09-27 01:37 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1330867F-CEAD-4CE3-A678-7820F546F0FC}\mpengine.dll
2011-09-27 00:51 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-16 08:10 . 2011-09-16 08:10 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITE8E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 01:32 . 2011-05-29 01:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2009-11-21 01:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 22:34 . 2011-08-22 22:34 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BIT752.tmp
2011-08-14 18:28 . 2011-08-14 18:28 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITD25F.tmp
2011-08-12 02:44 . 2010-11-10 05:03 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 17:33 . 2011-08-07 17:33 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITDF8C.tmp
2011-08-05 16:41 . 2011-08-05 16:41 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITE06F.tmp
2011-07-31 14:07 . 2011-07-31 14:07 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BIT4608.tmp
2011-07-27 00:23 . 2011-07-27 00:23 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITA5A0.tmp
2011-07-19 23:28 . 2011-07-19 23:28 0 ---ha-w- c:\users\Cade The Man\AppData\Local\BITEC11.tmp
2011-07-11 13:25 . 2011-08-25 01:39 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 02:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2007-09-12 16:19 . 2007-08-15 11:33 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 16:22 . 2007-08-15 11:33 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2006-12-03 23:58 . 2008-07-30 14:09 864768 ----a-w- c:\program files\mozilla firefox\components\pbgk1_8.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bomgar Representative Console [remote.sacsinc.com].lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bomgar Representative Console [remote.sacsinc.com].lnk
backup=c:\windows\pss\Bomgar Representative Console [remote.sacsinc.com].lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 16:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emPagerProClient]
2009-12-25 22:49 144384 ----a-w- c:\program files\emPagerPro\emPagerClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emPagerProServer]
2009-12-25 22:49 261632 ----a-w- c:\program files\emPagerPro\emPagerServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-14 01:32 136176 ----atw- c:\users\Cade The Man\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1107295996-970171348-1172668507-1015]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl307ebd58;MpKsl307ebd58;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{477931FC-8008-4E34-9090-905A29898603}\MpKsl307ebd58.sys [x]
R1 MpKsl42b645fd;MpKsl42b645fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BA8CC6F-ACEF-49A9-AD1B-7C34586D6C9F}\MpKsl42b645fd.sys [x]
R1 MpKsl5444146c;MpKsl5444146c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{645307C6-BCF3-401D-914A-B369E1C3530D}\MpKsl5444146c.sys [x]
R1 MpKsl5a11a61a;MpKsl5a11a61a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{374896C5-A337-4431-91A0-879C0DE436EA}\MpKsl5a11a61a.sys [x]
R1 MpKsl7218d073;MpKsl7218d073;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5A7B120-807D-47DE-8E49-C2C75D84B980}\MpKsl7218d073.sys [x]
R1 MpKsl8761ba64;MpKsl8761ba64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB340D46-B8A2-4174-8461-1A6D69449CCF}\MpKsl8761ba64.sys [x]
R1 MpKslb092ffac;MpKslb092ffac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{477931FC-8008-4E34-9090-905A29898603}\MpKslb092ffac.sys [x]
R1 MpKslc2d40dfc;MpKslc2d40dfc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54708DCD-18C8-4387-B1F4-7A5AF4868287}\MpKslc2d40dfc.sys [x]
R1 MpKslce6d8e5a;MpKslce6d8e5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{374896C5-A337-4431-91A0-879C0DE436EA}\MpKslce6d8e5a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9952199440140;Google Update Service (gupdate1c9952199440140);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 CrucialSMBusScan;CrucialSMBusScan;c:\users\CADETH~1\AppData\Local\Temp\CrucialSMBusScan_V32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2010-07-08 20480]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 176384]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [x]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
R3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\Drivers\SECBULK.sys [2007-10-04 10430]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-05-27 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-28 16:05]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 19:12]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 19:12]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107295996-970171348-1172668507-1015Core.job
- c:\users\Cade The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 01:32]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107295996-970171348-1172668507-1015UA.job
- c:\users\Cade The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 01:32]
.
2011-09-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-04-06 17:29]
.
2010-12-18 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-09 14:50]
.
2010-10-28 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-09 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100626,6683,0,6,0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
FF - ProfilePath - c:\users\Cade The Man\AppData\Roaming\Mozilla\Firefox\Profiles\rngaf3hb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2442061&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - msn.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 22:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????9:?7??????8???p?????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1107295996-970171348-1172668507-1015\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ec,f9,e7,7e,cc,3e,b1,49,5d,bb,19,03,5a,50,82,f4,e3,b1,d7,3f,6e,
b9,64,1a,9d,86,bc,0a,d7,1f,ab,c0,7c,57,08,f7,1f,14,fb,be,cf,ca,04,3c,d9,50,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4028)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-27 22:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 03:18
.
Pre-Run: 27,577,970,688 bytes free
Post-Run: 27,407,355,904 bytes free
.
- - End Of File - - 8D3F9CFF4EA57EE00F038E9E466116A6