Windowsclick.com Redirect removal help


25 replies to this topic

#1 ThatGirl


Posted 10 February 2009 - 12:43 PM

Yesterday (Monday) my computer was infected with both a "Windowsclick" redirect and another trojan. After booting the computer in safe mode and downloading Malwarebytes I managed to get rid of the trojan. But when I went to use Firefox all of my plugins and bookmarks were still gone (they hadn't been there before I removed the trojan either). I attempted to follow the instructions on this site but I did not see the UACd.sys trojan driver. I re-ran Malwarebytes in both safe mode and through regular booting but I keep getting nothing. I have HijackThis and a log for it on my computer, but whatever it is that is infecting my comp won't let me e-mail it to myself. I was also unable to make an account for this site while at home and I had to wait until I got to school to make one. My home computer has Windows XP Service Pack 2 and I made no downloads around the time of infection. (In fact the infection showed itself after I rebooted the computer yesterday after school.)

So the question is, how do I remove the Windowsclick redirect? And if anyone has any help regarding me getting the HijackThis log onto here I would be grateful.

Thanks for reading.

Edited by ThatGirl, 10 February 2009 - 12:44 PM.




#2 boopme


Posted 10 February 2009 - 01:42 PM

Hi and welcome. First, I am moving the topic from XP to Am I Infected, as it's a malware issue.
Please post back 2 logs.

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open it from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


RERUN MBAM

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot.

#3 ThatGirl


Posted 10 February 2009 - 08:48 PM

Super Anti-spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2009 at 07:44 PM

Application Version : 4.25.1012

Core Rules Database Version : 3750
Trace Rules Database Version: 1716

Scan type : Complete Scan
Total Scan Time : 02:07:52

Memory items scanned : 297
Memory threats detected : 0
Registry items scanned : 8445
Registry threats detected : 8
File items scanned : 236998
File threats detected : 530

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}
HKCR\CLSID\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}
HKCR\CLSID\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}
HKCR\CLSID\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}\InProcServer32
HKCR\CLSID\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\IEHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}
HKU\S-1-5-21-2411141977-558251073-2985399098-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
openxxx.viragemedia.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.tripod.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.at.atwola.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.at.atwola.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.timeinc.122.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
ads.lucidmedia.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
divavillage.advertserve.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ehg-nestleusainc.hitbox.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.ehg-nestleusainc.hitbox.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
www.discountwholesaleonline.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.discountwholesaleonline.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
www.discountwholesaleonline.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
www.discountwholesaleonline.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.veohnetwork.122.2o7.net [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
.gostats.com [ C:\Documents and Settings\Cedaesha\Application Data\Mozilla\Firefox\Profiles\2g7l9ijl.default\cookies.txt ]
C:\Documents and Settings\Cedaesha\Local Settings\Temp\Cookies\cedaesha@apmebf[1].txt
.adultfriendfinder.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
clickz.lonelycheatingwives.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
clickz5.lonelycheatingwives.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.pornhub.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.pornhub.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.pornhub.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
www.pornhub.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
www.pornhub.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.citi.bridgetrack.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
n4061ad.doubleclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.trackandfieldnews.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.trackandfieldnews.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adfi.adbureau.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.fls.doubleclick.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.tvguide.112.2o7.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.microsoftwindows.112.2o7.net [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.clickshift.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]
.socialmedia.com [ C:\Documents and Settings\Cedanea\Application Data\Mozilla\Firefox\Profiles\vfx2g8k0.default\cookies.txt ]

Trojan.Media-Codec
HKU\S-1-5-21-2411141977-558251073-2985399098-1006\Software\Internet Security


(After doing some skimming I realize that I will never let anyone else use my computer ever again. Such a stupid idea ><)

MBAM Log (My new best friend)

Malwarebytes' Anti-Malware 1.33
Database version: 1745
Windows 5.1.2600 Service Pack 2

2/10/2009 8:19:44 PM
mbam-log-2009-02-10 (20-19-44).txt

Scan type: Quick Scan
Objects scanned: 80657
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twex.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twex.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\UACptkxrfhl.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACqoowbite.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACupxdohae.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACymxfmqid.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACkkymixmy.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\UAC4ea7.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC8e7f.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\a (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACsttuanaa.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACtlisdove.dat (Trojan.Agent) -> Delete on reboot.



As far as I can tell my computer seems to be working once again, although I've lost all my bookmarks. But just in case someone else needs to use this to help them, I'd like to point out that whatever it is that attacked my computer doesn't let you open/install things that could potentially harm it (i.e. antivirus/malware). To run these programs I simply changed the names. (I.e. I named Super, "Super.exe" and installed it. Then I went to program files and changed the program to "Super", otherwise I would get an error message.)

The only thing I'm worried about now is that it seems the popup from the original trojan has resurfaced, only it's a broken image (with the red square in the corner). :/ There are no other problems as far as I can tell, and I can now log into sites and whatnot.

Edited by ThatGirl, 10 February 2009 - 08:49 PM.
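The MBAM log in the post above can be triaged mechanically. The following is an added example, not part of the original post and not Malwarebytes' own code: it parses the result lines, lists the items that are only scheduled for deletion at the next restart, and audits the hijacked Winlogon `Userinit` value. The function names are hypothetical and the sample lines are a subset copied from the log above.

```python
import ntpath
import re
from collections import namedtuple

# Subset of the MBAM 1.33 log lines from the post, embedded so this runs offline.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\UACptkxrfhl.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACkkymixmy.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\UAC4ea7.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\a (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

Finding = namedtuple("Finding", "section item detection detail action")

# "<item> (<Detection.Name>) -> [<detail> -> ]<action>."
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.\-]+)\) -> (?P<rest>.+)$")


def parse_mbam(log_text):
    """Return one Finding per result line, tagged with its log section."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = LINE_RE.match(line)
        if not m:                               # blank lines, "(No malicious items detected)"
            continue
        *detail, action = m.group("rest").split(" -> ")
        findings.append(Finding(section, m.group("item"), m.group("detection"),
                                " -> ".join(detail), action.rstrip(".")))
    return findings


def pending_reboot(findings):
    """Items MBAM could not remove immediately; re-check these after the restart."""
    return [f.item for f in findings
            if f.action.lower().startswith("delete on reboot")]


def unexpected_userinit(data, systemroot=r"C:\WINDOWS"):
    """Entries in a Winlogon Userinit value other than the stock userinit.exe.

    The value is a comma-separated list that Winlogon launches at logon, so any
    additional entry is a persistence point.
    """
    allowed = {
        ntpath.normcase(ntpath.join(systemroot, "system32", "userinit.exe")),
        "userinit.exe",
    }
    entries = [e.strip() for e in data.split(",") if e.strip()]
    return [e for e in entries if ntpath.normcase(e) not in allowed]


def hijacked_userinit_entries(findings):
    """Pull the 'Bad: (...)' data out of Hijack.UserInit findings and audit it."""
    extra = []
    for f in findings:
        if f.detection != "Hijack.UserInit":
            continue
        m = re.search(r"Bad: \((.*?)\) Good:", f.detail)
        if m:
            extra.extend(unexpected_userinit(m.group(1)))
    return extra


if __name__ == "__main__":
    results = parse_mbam(SAMPLE_LOG)
    print("Still on disk until restart:")
    for path in pending_reboot(results):
        print("  ", path)
    print("Extra Userinit entries:", hijacked_userinit_entries(results))
```

Items reported by `pending_reboot` are the ones to confirm with a second scan after restarting, since "Delete on reboot" only schedules the removal.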


#4 boopme

Posted 10 February 2009 - 10:02 PM

Hello, yes, MBAM's a good friend. The TDSS you have there is what caused your running difficulty, and you did well to rename. I need to warn of the problem with this infection. Yes, friends on your PC can be brutal.

A backdoor Trojan can allow an attacker to
gain control of the system, log keystrokes, steal passwords, access personal
data, send malevolent outgoing traffic, and close the security warning
messages displayed by some anti-virus and security programs.

I would advise you to disconnect this PC from the Internet, and then go to
a known clean computer and change any passwords or security information held
on the infected computer. In particular, check whatever relates to online
banking financial transactions, shopping, credit cards, or sensitive
personal information. It is also wise to contact your financial institutions
to apprise them of your situation.

Perhaps you may want to consider this.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 ThatGirl

Posted 10 February 2009 - 10:14 PM

I would much rather clean the machine than reformat it. And I'm very much aware that my computer wont be totally safe afterwards which is why I have plans to buy a laptop in April and do everything the safer way.

Edited by ThatGirl, 10 February 2009 - 10:15 PM.


#6 boopme

Posted 10 February 2009 - 10:32 PM

Ok that's cool. Then we need to run these next. We will need to run several scans.
SDFix;

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


Now run Part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#7 ThatGirl

Posted 11 February 2009 - 09:15 PM

Sorry for the wait, I had to go to sleep, and study. Not in that order of course.
Here is the log from SDfix

SDFix: Version 1.240
Run by Cedaesha on Wed 02/11/2009 at 08:27 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 20:55:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\UACkkymixmy.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys\modules]
"UACd"="\\?\globalroot\systemroot\system32\drivers\UACkkymixmy.sys"
"UACc"="\\?\globalroot\systemroot\system32\UACqoowbite.dll"
"uacsr"="\\?\globalroot\systemroot\system32\UACtlisdove.dat"
"uaclog"="\\?\globalroot\systemroot\system32\UACymxfmqid.dll"
"uacmask"="\\?\globalroot\systemroot\system32\UACupxdohae.dll"
"uacbbr"="\\?\globalroot\systemroot\system32\UACptkxrfhl.dll"
"UACproc"="\\?\globalroot\systemroot\system32\UACsttuanaa.log"
"uacurls"="\\?\globalroot\systemroot\system32\UACuhocpwsr.log"
"uacerrors"="\\?\globalroot\systemroot\system32\UACfqqadjgx.log"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\UACkkymixmy.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys\modules]
"UACd"="\\?\globalroot\systemroot\system32\drivers\UACkkymixmy.sys"
"UACc"="\\?\globalroot\systemroot\system32\UACqoowbite.dll"
"uacsr"="\\?\globalroot\systemroot\system32\UACtlisdove.dat"
"uaclog"="\\?\globalroot\systemroot\system32\UACymxfmqid.dll"
"uacmask"="\\?\globalroot\systemroot\system32\UACupxdohae.dll"
"uacbbr"="\\?\globalroot\systemroot\system32\UACptkxrfhl.dll"
"UACproc"="\\?\globalroot\systemroot\system32\UACsttuanaa.log"
"uacurls"="\\?\globalroot\systemroot\system32\UACuhocpwsr.log"
"uacerrors"="\\?\globalroot\systemroot\system32\UACfqqadjgx.log"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:


Remaining Files :



Files with Hidden Attributes :

Fri 17 Nov 2006 88 A.SHR --- "C:\i386\7F7FE77BC5.sys"
Fri 17 Nov 2006 104 A.SHR --- "C:\i386\C57BE77F7F.sys"
Fri 17 Nov 2006 6,686 A.SH. --- "C:\i386\KGyGaAvL.sys"
Wed 17 Oct 2007 145,920 ..SHR --- "C:\Program Files\Sprint music manager\Setup.exe"
Wed 1 Aug 2007 53,248 A.SHR --- "C:\Program Files\Sprint music manager\_Setupx.dll"
Thu 29 Mar 2007 88 ..SHR --- "C:\WINDOWS\system32\7F7FE77BC5.sys"
Wed 27 Aug 2008 152 ..SHR --- "C:\WINDOWS\system32\C57BE77F7F.sys"
Wed 27 Aug 2008 11,064 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 27 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 11 Feb 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1c6354e794062ab2b0b1e5d122acfbdc\BIT2.tmp"
Wed 11 Feb 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6468021b2765d1cbe95cbb4632ff65b7\BIT3.tmp"
Wed 11 Feb 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd64172cd2143fb5d6d9c864a6da8395\BIT4.tmp"
Tue 21 Nov 2006 11,115 A.SH. --- "C:\Documents and Settings\Cedaesha\My Documents\My Music\License Backup\drmv2key.bak"
Wed 11 Feb 2009 5,946 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp"
Mon 30 Apr 2007 1,558 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\ComC1.tmp"
Wed 17 Jan 2007 10,294 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\ComC1h.tmp"
Wed 17 Jan 2007 10,294 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\ComC1s.tmp"
Mon 30 Apr 2007 4,438 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\GamD.tmp"
Thu 18 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\GamDh.tmp"
Thu 18 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\GamDs.tmp"
Mon 30 Apr 2007 8,758 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\OffF.tmp"
Thu 18 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\OffFh.tmp"
Thu 18 Jan 2007 8,246 A..H. --- "C:\Documents and Settings\Cedaesha\Application Data\Microsoft\Office\Shortcut Bar\OffFs.tmp"
Sat 4 Oct 2008 13 A..H. --- "C:\Documents and Settings\Cedanea\Local Settings\Application Data\Microsoft\Silverlight\BIT15.tmp"
Mon 13 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 13 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 13 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Mon 13 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Mon 13 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"

Finished!


And Smitfraud

SmitFraudFix v2.395

Scan done at 21:12:22.47, Wed 02/11/2009
Run from C:\Documents and Settings\Cedaesha\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\DOCUME~1\Cedaesha\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Cedaesha\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Cedaesha


C:\DOCUME~1\Cedaesha\LOCALS~1\Temp


C:\Documents and Settings\Cedaesha\Application Data


Start Menu


C:\DOCUME~1\Cedaesha\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: TwcToolbarBho.dll
BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD}
TypeLib: {07719EFA-B371-40e4-9BE5-2D5A760E8A68}
VersionIndependentProgID: TwcToolbarBho.TwcToolbarBhoApp
ProgID: TwcToolbarBho.TwcToolbarBhoApp.1



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.20.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8985B75-722C-45F3-A15B-AC130A616D6D}: DhcpNameServer=192.168.20.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8985B75-722C-45F3-A15B-AC130A616D6D}: DhcpNameServer=192.168.20.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8985B75-722C-45F3-A15B-AC130A616D6D}: DhcpNameServer=192.168.20.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.1


Scanning for wininet.dll infection


End


Edited by ThatGirl, 11 February 2009 - 09:15 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:57 AM

Posted 11 February 2009 - 09:45 PM

OK, that was good; they were clean and reset your hosts file.
Let's just do two more things.
RERUN MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Next, a rootkit scan.
Before performing an anti-rootkit scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Desktop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.

Edited by boopme, 11 February 2009 - 09:46 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 ThatGirl

ThatGirl
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 11 February 2009 - 09:52 PM

Thanks! MBAM is updating/scanning as I type this. I was just wondering what Anti-Virus software should I use after all of this is done? I currently have AVG8 but I'm kind of skeptical of its abilities since MBAM and others caught so many of its mistakes since I set AVG8 to scan every morning at 8 and it only catches "Threats" and it says it deletes them, but those are the same threats that were removed at the start of this process. Or perhaps I did something wrong? :/ (Besides the obvious things, i.e. friends >:0)

Edited by ThatGirl, 11 February 2009 - 09:53 PM.


#10 boopme

Posted 11 February 2009 - 10:08 PM

You're welcome, and you keep waking me up :thumbsup:
Well, the rule is 1 AV active (realtime), a few antispys like MBam and SAS and 1 software firewall.
Is this a paid AVG? On my PC I run Avira, SAS, MBam as on-demand scanners. Oh, I also run SpywareBlaster realtime.

I usually post this when we are done but reading it now can't hurt. Please take a moment to read quietman7's excellent prevention tips in post 17 here:
Tips to protect yourself against malware and reduce the potential for re-infection


#11 ThatGirl

Posted 11 February 2009 - 11:25 PM

I am currently using AVG free and I will definitely read those links! :3

However. . .
I was going to wait until MBAM was finished before I posted again but this came up from AVG8 Free while it was/is scanning :/

"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0122347.dll";"Trojan horse FakeAlert.GV";"Infected"
"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0122348.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0122349.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0122350.dll";"Trojan horse FakeAlert.GL";"Infected"


It came up as a resident shield alert so I checked "Remove threats as power user" and pressed "Remove all unhealed selections"

But after I did it I saw that the process names were all "C:\Program Files\Malwarebytes' AntiMalware\Mbam.exe"

Did I do something wrong? Was I supposed to turn off AVG8 as I scanned?

(By the way MBam is still scanning as if nothing happened O_o;)

And just when I thought things were going well ><;

(And sorry about waking you up :3)

Edited by ThatGirl, 11 February 2009 - 11:26 PM.


#12 boopme

Posted 11 February 2009 - 11:44 PM

You do have a lot of files, 236998, to go through so it will take a while.
It's usually better to shut off other active scanners while running another, mostly for speed and to prevent false positives. But you're OK here, as you saw the process names were all "C:\Program Files\Malwarebytes' AntiMalware\Mbam.exe"; they are all false positives. But at least your AV did its job telling you a tool is invading the system. It just doesn't distinguish good and bad, only it sees it and tells you.

These we will clean out at the end
"C:\System Volume Information\_restore{129201FA.

I'm hitting the hay now.. look back tomorrow. :thumbsup:

Edited by boopme, 11 February 2009 - 11:45 PM.


#13 ThatGirl

Posted 11 February 2009 - 11:46 PM

Good night then! :3

I'll post logs and then follow your lead.

Malwarebytes' Anti-Malware 1.34
Database version: 1751
Windows 5.1.2600 Service Pack 2

2/11/2009 11:40:01 PM
mbam-log-2009-02-11 (23-40-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 315091
Time elapsed: 1 hour(s), 49 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\a (Trojan.Agent) -> Delete on reboot.

O_o; Is that too many files for one computer? Wow.

RootKit

HKLM\SECURITY\Policy\Secrets\SAC* 8/16/2005 12:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/16/2005 12:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/13/2006 4:23 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 2/11/2009 11:56 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Dhcp\Parameters\{75444CBD-D248-4CFC-8757-F157F7DCE277} 2/11/2009 11:57 PM 96 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Epoch\Epoch 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75444CBD-D248-4CFC-8757-F157F7DCE277}\LeaseObtainedTime 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75444CBD-D248-4CFC-8757-F157F7DCE277}\T1 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75444CBD-D248-4CFC-8757-F157F7DCE277}\T2 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75444CBD-D248-4CFC-8757-F157F7DCE277}\LeaseTerminatesTime 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\{75444CBD-D248-4CFC-8757-F157F7DCE277}\Parameters\Tcpip\LeaseObtainedTime 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\{75444CBD-D248-4CFC-8757-F157F7DCE277}\Parameters\Tcpip\T1 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\{75444CBD-D248-4CFC-8757-F157F7DCE277}\Parameters\Tcpip\T2 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\{75444CBD-D248-4CFC-8757-F157F7DCE277}\Parameters\Tcpip\LeaseTerminatesTime 2/11/2009 11:57 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535\A0129580.cfg 2/11/2009 9:37 PM 14.29 KB Hidden from Windows API.


The Avira log will go here

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Thursday, February 12, 2009 - 01:20:25
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 228.11 GB
- Working disk free size : 154.89 GB (67 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> group

--------------------------------------------------------------------------------------------------------
Files: 0/208716
Registry items: 10/463599
Processes: 0/62
Scan time: 00:15:56
--------------------------------------------------------------------------------------------------------
Active processes:
- segoxwec.exe (PID 2876) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 628)
- csrss.exe (PID 684)
- winlogon.exe (PID 708)
- services.exe (PID 752)
- lsass.exe (PID 764)
- svchost.exe (PID 968)
- svchost.exe (PID 1036)
- svchost.exe (PID 1388)
- svchost.exe (PID 1420)
- svchost.exe (PID 1488)
- svchost.exe (PID 1652)
- aawservice.exe (PID 1812)
- spoolsv.exe (PID 1720)
- PhotoshopElementsFileAgent.exe (PID 1932)
- AppleMobileDeviceService.exe (PID 1968)
- avgwdsvc.exe (PID 1980)
- mDNSResponder.exe (PID 2008)
- CreativeLicensing.exe (PID 2032)
- CTSVCCDA.EXE (PID 140)
- ehrecvr.exe (PID 476)
- ehSched.exe (PID 612)
- GoogleUpdaterService.exe (PID 840)
- MDM.EXE (PID 1136)
- npkcmsvc.exe (PID 1204)
- nvsvc32.exe (PID 1236)
- PSIService.exe (PID 1292)
- svchost.exe (PID 1672)
- svchost.exe (PID 456)
- Pen_Tablet.exe (PID 544)
- avgrsx.exe (PID 564)
- avgnsx.exe (PID 376)
- ViewpointService.exe (PID 1792)
- avgemc.exe (PID 1816)
- mcrdsvc.exe (PID 2164)
- avgcsrvx.exe (PID 2356)
- dllhost.exe (PID 3180)
- alg.exe (PID 3444)
- ViewMgr.exe (PID 1604)
- explorer.exe (PID 2104)
- Pen_TabletUser.exe (PID 1772)
- Pen_Tablet.exe (PID 2192)
- rundll32.exe (PID 2000)
- dlcxmon.exe (PID 3356)
- avgtray.exe (PID 3512)
- apdproxy.exe (PID 3776)
- rundll32.exe (PID 3784)
- wuauclt.exe (PID 3792)
- svchost.exe (PID 3800)
- clclean.0001 (PID 3832)
- iTunesHelper.exe (PID 2652)
- stsystra.exe (PID 2676)
- dlcxcoms.exe (PID 728)
- googletalk.exe (PID 3652)
- ctfmon.exe (PID 2436)
- CTSyncU.exe (PID 2664)
- veohwebplayer.exe (PID 2796)
- iPodService.exe (PID 3096)
- Ymsgr_tray.exe (PID 2640)
- firefox.exe (PID 3056)
- avirarkd.exe (PID 3292)
========================================================================================================
- Scan finished Thursday, February 12, 2009 - 01:36:21
========================================================================================================



I will post the new rootkit in the morning (Around 6-7am before I head out for school) I am letting it scan now.

Edited by ThatGirl, 12 February 2009 - 07:45 AM.
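
The Avira AntiRootkit results in the post above can be triaged mechanically. The following Python is an added example, not part of the original thread or of Avira's tooling: it groups the `Hidden key` / `Hidden value` lines by service and reports services whose load-defining values are all hidden. The line layout is assumed from the report as posted, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# "Results:" lines copied from the Avira AntiRootkit report posted above;
# the final line is constructed to exercise the non-service branch.
SAMPLE_REPORT = r"""
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UACd.sys -> group
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\modules
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> start
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> type
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> imagepath
Hidden value : HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys -> group
Hidden value : HKEY_LOCAL_MACHINE\Software\Constructed\Example -> demo
"""

# Layout assumed from that report: "Hidden key : <path>" or
# "Hidden value : <path> -> <value name>".
LINE_RE = re.compile(r"^Hidden (key|value)\s*:\s*(.+?)(?:\s+->\s+(.+?))?\s*$")
SERVICE_RE = re.compile(
    r"\\System\\(ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)", re.I)
# Values that define how and from where a service or driver is loaded.
LOAD_VALUES = {"start", "type", "imagepath"}


def parse_hidden_items(report):
    """Return (kind, path, value_name, control_set, service) per hidden item."""
    items = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, process list
        kind, path, value = m.groups()
        svc = SERVICE_RE.search(path)
        items.append((kind, path, value, *(svc.groups() if svc else (None, None))))
    return items


def summarise_services(items):
    """Group hidden items by service name across control sets."""
    summary = defaultdict(lambda: {"control_sets": set(), "values": set()})
    for kind, _path, value, control_set, service in items:
        if service is None:
            continue
        entry = summary[service.lower()]
        entry["control_sets"].add(control_set)
        if kind == "value":
            entry["values"].add(value.lower())
    return dict(summary)


def concealed_service_definitions(summary):
    """Services whose load-defining values are all hidden from the Windows API."""
    return sorted(n for n, e in summary.items() if LOAD_VALUES <= e["values"])


if __name__ == "__main__":
    summary = summarise_services(parse_hidden_items(SAMPLE_REPORT))
    for name in concealed_service_definitions(summary):
        print(name, sorted(summary[name]["control_sets"]), sorted(summary[name]["values"]))
```

Items that fall outside a `Services` key are parsed but left out of the summary, so they still need a manual look.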


#14 ThatGirl

Posted 12 February 2009 - 07:45 AM

New RootKit

HKLM\SECURITY\Policy\Secrets\SAC* 8/16/2005 12:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/16/2005 12:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/13/2006 4:23 PM 13 bytes Data mismatch between Windows API and raw hive data.



#15 boopme

Posted 12 February 2009 - 09:48 AM

Ahhh there goes sleepin in today :thumbsup:
Please run Avira AntiRootkit again by following the below steps:
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • When the scan has finished, select the following file:

    << file goes here >>
  • Click Quarantine and repeat this for the following files:

    << files goes here >>
  • When done, please click OK (you may be asked to restart, if so please do so by clicking OK once more)
  • The log can be found here: C:\Program Files\Avira GmbH\Avira RootKit Detection\avirarkd.log. Please copy the entire contents into your next reply.
