audio skipping, slow performance

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

audio skipping, slow performance

#1 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 01 February 2012 - 12:09 AM

Recently, my computer began to boot up extremely slowly, and when it finally booted, I would get a pop up window saying that Zone Alarm was initializing and that would stay up for several minutes, then things would open normally. After this had gone on for a few weeks, I decided to uninstall and reinstall Zone Alarm and Avast. When I did this, I no longer got the "initializing" screen for ZA, but I noticed my computer seemed to be bogged down much worse than before. If I'm listening to any audio--it doesn't matter how, it can be Winamp, Youtube, any and all sounds/audio--I get this annoying "skipping" sound that sounds similar to a CD skipping every 10-20 seconds or so. I don't think this is just audio-related, as if I open Notepad and hold down a key, I can see the text "skip" at the same time the audio does. Also, in Chrome when I open a new tab, there is often a long delay before it will load the page. In addition, I have noticed Youtube videos seem to load extremely slowly, much slower than they do on my phone which is using the same wi-fi connection. And, sometimes there will be VERY long delays between when I click on a program or a folder and when it opens.

I have uninstalled any unnecessary programs, I have limited start-up process to the bare minimum, but nothing helps the problem. One other side effect is that Malewarebytes would never start up. I could install it, update it, but it wouldn't open. I used Spybot and Avast to scan my computer and they didn't find any issues other than (with Spybot) a few browser entries.

I was talking to my brother and he recommended Combofix, so I ran that (now reading this forum, I realize I wasn't supposed to do that without someone telling me to...sorry). After running it, Malewarebytes opened! I thought the problem was solved, but no, I still have the same issues. The only thing that has been fixed is Malewarebytes now opens.

So, I'm turning to the forum. Below and attached is the information requested in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" thread. By the way, when I was running the rootkit scan, all the boxes above "services" were greyed out, so I could not select them. If I did something wrong and should re-run it, please let me know. If you would like to see my initial Combofix log, let me know as well. I greatly appreciate any help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by David at 22:55:04 on 2012-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2231 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D}\2414B4542502E4544575F425B4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D}\2656C6B696E6E2567343 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D}\26F696E676F60286F6473707F647 : DhcpNameServer = 10.1.0.2 66.103.80.4 66.103.64.4
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D}\5416379724F687D2831314634353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02BAA316-428C-44B2-A8D9-853C0DEB3C6D}\C66786F6D656 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: OPML Support: {9458ca25-39fd-4ba8-9520-acc5c0d877b6} - %profile%\extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-22 44768]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-8-26 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-8-26 55296]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-1 648432]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-01 03:31:33 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2012-02-01 03:31:33 652288 ----a-w- C:\Windows\System32\ctapo64.dll
2012-02-01 03:31:33 511488 ----a-w- C:\Windows\System32\ctapo32.dll
2012-02-01 03:31:33 431104 ----a-w- C:\Windows\System32\AESTEC64.dll
2012-02-01 03:31:32 165888 ----a-w- C:\Windows\System32\AESTAC64.dll
2012-02-01 03:31:31 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2012-02-01 03:31:31 57856 ----a-w- C:\Windows\System32\ctppld64.dll
2012-02-01 03:31:31 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-02-01 03:31:31 3593216 ----a-w- C:\Windows\System32\stlang64.dll
2012-02-01 03:31:31 12151808 ----a-w- C:\Windows\System32\idtcpl64.cpl
2012-02-01 00:55:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-01 00:55:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 00:35:53 -------- d-----w- C:\$RECYCLE.BIN
2012-02-01 00:18:53 98816 ----a-w- C:\Windows\sed.exe
2012-02-01 00:18:53 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-01 00:18:53 256000 ----a-w- C:\Windows\PEV.exe
2012-02-01 00:18:53 208896 ----a-w- C:\Windows\MBR.exe
2012-01-31 03:33:08 -------- d-----w- C:\Users\David\AppData\Local\SoftThinks
2012-01-27 23:17:04 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{07A53E1F-7581-40AC-84C7-3CB33B318E48}\mpengine.dll
2012-01-27 23:06:58 -------- d-----w- C:\Windows\pss
2012-01-22 23:56:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-01-22 23:56:01 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-01-22 23:56:00 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-22 23:56:00 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-01-22 23:56:00 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-22 23:56:00 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-22 23:55:59 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-01-22 23:55:59 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-01-22 23:55:58 395776 ----a-w- C:\Windows\System32\webio.dll
2012-01-22 23:55:58 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-01-22 23:55:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-22 23:55:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-01-22 23:55:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-01-22 23:55:57 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2012-01-22 23:03:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-22 23:03:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-22 17:10:25 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-22 17:10:22 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-22 17:10:05 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-22 17:09:57 -------- d-----w- C:\Program Files\AVAST Software
2012-01-22 16:58:32 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-01-10 23:37:57 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-10 23:37:56 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-10 23:37:56 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-10 23:37:56 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-10 23:37:48 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-10 23:37:48 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-10 23:37:37 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-10 23:37:37 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 13:22:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:22:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-20 15:09:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:59:34.77 ===============

Attached File(s)

Attach.txt (11.7K)
Number of downloads: 0
ark.txt (72.73K)
Number of downloads: 1

#2 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 04 February 2012 - 03:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#3 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 04 February 2012 - 11:26 PM

Thanks for your response, M0le. Yes, I am here and I have a few updates since my initial post.

I'm starting to wonder if this is a hard disk problem. When I was backing up my files last weekend, I received an I/O device error when copying a few mp3 files. I stopped the copy process and started it over again, skipping my music folder. At various times I would check on the progress and see it was copying at a very low speed, sometimes under 1 MB/sec. I started it over a few times and it would speed back up and eventually finished. I never did end up finishing the music folder (I've backed it up previously so I'm not worried about it).

The other day, I started up my computer, gave it some time to boot, then tried to start Chrome and it froze for a minute or 2, then I got a blue screen error and a reboot. When the system came back up, I did scans with Malewarebytes, Spybot and Avast. MWB found nothing, Spybot found a few browser cookies, and Avast found nothing, but it did say that two files could not be scanned because of I/O device error 1117. The two files were the same mp3 files for which I received the error when trying to copy over the weekend.

When I was at work on Friday, I had my wife run a disc check for me. I couldn't be there to see everything that went on, but she reported a few things:

4 times: file record segment 106208 (different number for each one) is unreadable
4 bad file records processed
deleted an index entry from index $0 of file 25
deleted the index entry of at least one of the mp3 files I had a problem with

Ran the check a second time and it didn't find any problems. Afterwards, the system is running much faster, but I still have the audio skipping problem. That's where I currently stand. I will refrain from making any changes or doing any scans unless you direct me to. Thanks for your help!

#4 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:03 AM

When I picked this topic up the title did say "non-malware" to me and what you describe further suggests it.

Can you find the Combofix log and post it?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 05 February 2012 - 10:40 AM

Sure, here it is:

ComboFix 12-01-30.02 - David 01/31/2012 19:21:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2395 [GMT -5:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\_db_big20100906.zip
c:\favoritevideo\InvisibleFolder\mir.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.5.5.0019_s.exe
c:\favoritevideo\InvisibleFolder\productupdate.dll
c:\favoritevideo\InvisibleFolder\VideoCommendModule.dll
c:\users\David\Documents\~past20110501.pst.tmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 00:33 . 2012-02-01 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 03:33 . 2012-01-31 03:33 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-01-31 03:33 . 2012-01-31 03:33 -------- d-----w- c:\users\David\AppData\Local\SoftThinks
2012-01-30 23:04 . 2012-01-30 23:04 -------- d-----w- c:\program files\iPod
2012-01-30 23:04 . 2012-01-30 23:05 -------- d-----w- c:\program files\iTunes
2012-01-30 23:02 . 2012-01-30 23:02 -------- d-----w- c:\program files\Bonjour
2012-01-30 23:02 . 2012-01-30 23:02 -------- d-----w- c:\program files (x86)\Bonjour
2012-01-30 22:57 . 2012-01-30 22:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-22 23:56 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 23:56 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-22 23:56 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 23:56 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-22 23:56 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 23:56 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-22 23:55 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 23:55 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-22 23:55 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-22 23:55 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-22 23:55 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 23:55 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-22 23:55 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-22 23:55 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-22 23:03 . 2012-01-23 00:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-22 23:03 . 2012-01-22 23:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-22 17:10 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-22 17:10 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-22 17:10 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-22 17:10 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-22 17:10 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-22 17:10 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-22 17:10 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-22 17:10 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-22 17:09 . 2012-01-22 17:09 -------- d-----w- c:\program files\AVAST Software
2012-01-22 16:58 . 2012-01-22 17:04 -------- d-----w- c:\program files (x86)\CheckPoint
2012-01-10 23:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 23:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 23:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-10 23:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-10 23:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 23:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-10 23:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 23:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 05:15 . 2012-01-27 23:17 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07A53E1F-7581-40AC-84C7-3CB33B318E48}\mpengine.dll
2011-12-07 15:39 . 2010-01-25 23:06 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-28 18:01 . 2011-05-26 02:30 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 23:44 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 15:09 . 2011-07-28 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41 . 2011-12-14 23:45 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 23:44 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 23:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 23:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 23:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 23:45 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131292542-2857520787-216392192-1001Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:54]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131292542-2857520787-216392192-1001UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.2.1
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6kq33ib4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: OPML Support: {9458ca25-39fd-4ba8-9520-acc5c0d877b6} - %profile%\extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-31 19:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 00:45
.
Pre-Run: 165,553,205,248 bytes free
Post-Run: 165,887,049,728 bytes free
.
- - End Of File - - 00A4C9FA2AAF728B83EA3807567817D8

#6 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:36 PM

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 05 February 2012 - 09:05 PM

Here you go:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 19:41:54
-----------------------------
19:41:54.289 OS Version: Windows x64 6.1.7601 Service Pack 1
19:41:54.289 Number of processors: 2 586 0x170A
19:41:54.289 ComputerName: DAVID-LAPTOP UserName: David
19:41:57.239 Initialize success
19:41:57.385 AVAST engine defs: 12020503
19:42:29.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:42:29.183 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
19:42:29.205 Disk 0 MBR read successfully
19:42:29.209 Disk 0 MBR scan
19:42:29.216 Disk 0 Windows VISTA default MBR code
19:42:29.221 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63
19:42:29.239 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352
19:42:29.260 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 457312 MB offset 40196096
19:42:29.268 Service scanning
19:42:31.436 Modules scanning
19:42:31.436 Disk 0 trace - called modules:
19:42:31.483 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:42:31.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004465060]
19:42:31.499 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004100050]
19:42:32.569 AVAST engine scan C:\Windows
19:42:35.616 AVAST engine scan C:\Windows\system32
19:45:26.343 AVAST engine scan C:\Windows\system32\drivers
19:45:41.631 AVAST engine scan C:\Users\David
20:40:44.879 AVAST engine scan C:\ProgramData
20:43:22.279 Scan finished successfully
21:03:33.044 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
21:03:33.052 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

#8 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 06 February 2012 - 05:55 PM

Well, that's as it should be.

Please run an online scan with ESET now

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 06 February 2012 - 10:18 PM

The scan is finished. Here is what it found:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\David\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

#10 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 07 February 2012 - 07:38 PM

There's adware and riskware there so we need to do further scan and removal with MBAM and SAS

Please download

Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then SAS

Download Superantispyware

Load Superantispyware and click the check for updates button.
Once the update is finished click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
Copy and paste the log onto the forum.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 07 February 2012 - 11:00 PM

Here's the MBAM log, nothing was found:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
David :: DAVID-LAPTOP [administrator]

2/7/2012 7:46:40 PM
mbam-log-2012-02-07 (19-46-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402754
Time elapsed: 1 hour(s), 34 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here's the SuperAntiSpyware log. When I clicked "remove infected items," it began doing so fairly quickly, but then around 70 percent, it slowed down tremendously, removing an item every 15-20 (maybe more) seconds or so. Is that normal?

The removal isn't complete but I did save the log before it started, so here it is. If there are any changes after it completes, I'll post that tomorrow:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2012 at 09:57 PM

Application Version : 5.0.1144

Core Rules Database Version : 8214
Trace Rules Database Version: 6026

Scan type : Quick Scan
Total Scan Time : 00:07:39

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 628
Memory threats detected : 0
Registry items scanned : 54217
Registry threats detected : 0
File items scanned : 10629
File threats detected : 499

Adware.Tracking Cookie
.thirteenbirds.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adbrite[2].txt [ /adbrite ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.adk2[2].txt [ /ads.adk2 ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@advertising[2].txt [ /advertising ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@at.atwola[1].txt [ /at.atwola ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@atwola[1].txt [ /atwola ]
.revsci.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[1].txt [ /invitemedia ]
.imrworldwide.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.chicagosuntimes.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
.atdmt.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.ice.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@tacoda[2].txt [ /tacoda ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@www.windowsmedia[2].txt [ /www.windowsmedia ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@yieldmanager[1].txt [ /yieldmanager ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\ZD2N799P.txt [ /pointroll.com ]
.msnbc.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\336KJMT5.txt [ /ads.pointroll.com ]
.bs.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\G6EWXWDJ.txt [ /bs.serving-sys.com ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\FDP5V4B1.txt [ /atdmt.com ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\1Z1TTU58.txt [ /questionmarket.com ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\K7Q8VW5M.txt [ /serving-sys.com ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\UNH4DL3B.txt [ /imrworldwide.com ]
.s.clickability.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\UFYWKEB8.txt [ /doubleclick.net ]
dc.tremormedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\T5BM7EZG.txt [ /c.atdmt.com ]
.walmart.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@adsonar[2].txt [ Cookie:david@adsonar.com/adserving ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.soundclick.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.trinitymirror.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@pointroll[1].txt [ Cookie:david@pointroll.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.qnsr.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.pointroll[1].txt [ Cookie:david@ads.pointroll.com/ ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@realmedia[2].txt [ Cookie:david@realmedia.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@network.realmedia[2].txt [ Cookie:david@network.realmedia.com/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@2o7[1].txt [ Cookie:david@2o7.net/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@invitemedia[2].txt [ Cookie:david@invitemedia.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.burstnet[2].txt [ Cookie:david@www.burstnet.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.burstbeacon[2].txt [ Cookie:david@www.burstbeacon.com/ ]
www.qsstats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bs.serving-sys[2].txt [ Cookie:david@bs.serving-sys.com/ ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZL0JPU1.txt [ Cookie:david@atdmt.com/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@questionmarket[1].txt [ Cookie:david@questionmarket.com/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@serving-sys[1].txt [ Cookie:david@serving-sys.com/ ]
.advanceinternet.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@burstbeacon[2].txt [ Cookie:david@burstbeacon.com/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@azjmp[2].txt [ Cookie:david@azjmp.com/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@msnportal.112.2o7[1].txt [ Cookie:david@msnportal.112.2o7.net/ ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@myroitracking[1].txt [ Cookie:david@myroitracking.com/ ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@gr.burstnet[2].txt [ Cookie:david@gr.burstnet.com/ ]
.associatedcontent.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ru4[2].txt [ Cookie:david@ru4.com/ ]
.paypal.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\YVM4IBVQ.txt [ Cookie:david@insightexpressai.com/ ]
.stats.paypal.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LXDDHC0.txt [ Cookie:david@c.atdmt.com/ ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@google[4].txt [ Cookie:david@google.com/accounts/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@burstnet[2].txt [ Cookie:david@burstnet.com/ ]
.xiti.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@zedo[2].txt [ Cookie:david@zedo.com/ ]
.twittercounter.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\david@adsonar[2].txt [ Cookie:david@adsonar.com/adserving ]
C:\USERS\DAVID\Cookies\ZD2N799P.txt [ Cookie:david@pointroll.com/ ]
C:\USERS\DAVID\Cookies\336KJMT5.txt [ Cookie:david@ads.pointroll.com/ ]
C:\USERS\DAVID\Cookies\david@at.atwola[1].txt [ Cookie:david@at.atwola.com/ ]
C:\USERS\DAVID\Cookies\david@invitemedia[1].txt [ Cookie:david@invitemedia.com/ ]
C:\USERS\DAVID\Cookies\david@tacoda[2].txt [ Cookie:david@tacoda.net/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\G6EWXWDJ.txt [ Cookie:david@bs.serving-sys.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\FDP5V4B1.txt [ Cookie:david@atdmt.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\1Z1TTU58.txt [ Cookie:david@questionmarket.com/ ]
.atdmt.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.cbsdigitalmedia.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\K7Q8VW5M.txt [ Cookie:david@serving-sys.com/ ]
C:\USERS\DAVID\Cookies\UNH4DL3B.txt [ Cookie:david@imrworldwide.com/cgi-bin ]
C:\USERS\DAVID\Cookies\david@adbrite[2].txt [ Cookie:david@adbrite.com/ ]
C:\USERS\DAVID\Cookies\david@atwola[1].txt [ Cookie:david@atwola.com/ ]
C:\USERS\DAVID\Cookies\david@yieldmanager[1].txt [ Cookie:david@yieldmanager.net/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
C:\USERS\DAVID\Cookies\T5BM7EZG.txt [ Cookie:david@c.atdmt.com/ ]
C:\USERS\DAVID\Cookies\david@www.windowsmedia[2].txt [ Cookie:david@www.windowsmedia.com/ ]
C:\USERS\DAVID\Cookies\david@paypal.112.2o7[1].txt [ Cookie:david@paypal.112.2o7.net/ ]
C:\USERS\DAVID\Cookies\david@tacoda.at.atwola[1].txt [ Cookie:david@tacoda.at.atwola.com/ ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.usatoday1.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.tribuneinteractive.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.themis-media.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
www.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
www.gamestats.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mtvn.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.movieticketscom.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.espn.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.seeclickfix.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.journalregistercompany.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.newsday.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.garfield-county.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.ewstv.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.videos.mediaite.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.ipcmedia.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.timeinc.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
us.sitestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
us.sitestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.findarticles.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.findarticles.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.cbs.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.timeoutcommunications.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
zombtracker.the-zomb.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
zombtracker.the-zomb.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
zombtracker.the-zomb.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
mediamatters.org [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediamatters.org [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.medialifemagazine.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.examinercom.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
stats.townnews.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.vpmc.122.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.staffordcountysun.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.dailyheraldpaddockpublication.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
magnet.traffic.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6KQ33IB4.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mtvn.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.associatedcontent.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
de.sitestat.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.chicagosuntimes.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.care2.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.paypal.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pitchforkmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pitchforkmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pitchforkmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pitchforkmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pumaonlinestorede.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.themis-media.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.aldi.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.aldi.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.paypal.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usatoday1.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gntbcstglobal.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.warnerbros.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.irishtimesgroup.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ie-stat.bmmetrix.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ie-stat.bmmetrix.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viewablemedia.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.walmart.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advanceinternet.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findlocation.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findlocation.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rtst.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sexinfo101.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
am.sexinfo101.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sexinfo101.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sexinfo101.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hearstmagazines.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sexinfo101.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counters.gigya.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbs.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.examinercom.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.wandascountryhome.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cmp.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hearstugo.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cracked.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbsdigitalmedia.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.newsday.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.leeenterprises.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.topmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.topmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.idgenterprise.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.torstardigital.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.soundtrack-movie.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thewrap.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thewrap.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.112.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.twitpic.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
myaccount.nytimes.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.foxinteractivemedia.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trackitt.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rotator.hadj7.adjuggler.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hotlog.ru [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www9.addfreestats.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eset.122.2o7.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.clickmanage.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.clickmanage.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

#12 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 08 February 2012 - 05:40 PM

It didn't show anything other than tracking cookies.

How has the machine been running?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#13 davidb79

New Member

Group: Members
Posts: 8
Joined: 31-January 12

Posted 08 February 2012 - 09:52 PM

There hasn't been much change since doing these scans. The biggest difference-maker was running the disk check last week. The machine has been running much better since then, but still has the audio skipping at pretty much the same frequency. I'm wondering if it's a case where the hard drive is going bad and I need to replace it. What do you think?

#14 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 09 February 2012 - 09:15 PM

It could be the hard drive but it could also be a number of other things such as an audio driver needing an update.

I am sure that you're clean so post the question on the Audio and Video forum here

This topic will stay open for five days before I close it. PM me if you need to after that.