Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack! Please help


  • Please log in to reply
12 replies to this topic

#1 BullBlogga

BullBlogga

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 06 August 2010 - 07:37 PM

Hi I recently acquired a computer from a coworker who had upgraded to a new system, when I booted it up I found a virus/malware.

One of the problems is that the svchost takes over all of the available memory and cpu. Usually 100+% cpu. I am able to force quit this svchost.exe and the PC goes back to normal for a little while and then does it again.

Another problem is I can go to the home page (google) and search for something, but when i try to click on the link I get redirected to a different url than the one I clicked on.

I am running Windows XP Pro with Svc Pk 2.

Please Help

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 06 August 2010 - 11:17 PM

Hello and welcome . Let's do these.
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Check for and confirm the MBR rootkit
,

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 07 August 2010 - 06:16 AM

Hello

Thank you for your quick response. Below I have taken the liberty of posting my malwarebytes log file.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4402

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/7/2010 7:01:03 AM
mbam-log-2010-08-07 (07-01-03).txt

Scan type: Quick scan
Objects scanned: 155853
Time elapsed: 1 hour(s), 20 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\My Documents\downloads\FLVPro.exe (Adware.FlvDirect) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y7P5FJUT\FLVPlayer_silent[1].exe (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

I will follow the rest of your instructions and report back pronto...Thanks again

Roger

#4 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 07 August 2010 - 08:46 AM

Hello again Boopme

Here are the other logs that you requested:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2010 at 09:14 AM

Application Version : 4.41.1000

Core Rules Database Version : 4855
Trace Rules Database Version: 2667

Scan type : Complete Scan
Total Scan Time : 01:19:22

Memory items scanned : 251
Memory threats detected : 0
Registry items scanned : 6089
Registry threats detected : 4
File items scanned : 79978
File threats detected : 293

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cdn.at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ar.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[3].txt
C:\Documents and Settings\Owner\Cookies\owner@ar.atwola[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cts.metricsdirect[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cts.zroitracker[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
cdn4.specificclick.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
convoad.technoratimedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
core.insightexpressai.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
ds.serving-sys.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
ec.atdmt.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
media.heavy.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
media.onsugar.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
mediaforgews.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
sex.healthguru.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
spe.atdmt.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
udn.specificclick.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\9X3U5S5P ]
C:\Documents and Settings\LocalService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.gossipcenter[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adultfriendfinder[1].txt
C:\Documents and Settings\LocalService\Cookies\system@click.kiwinets[1].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\LocalService\Cookies\system@eas.apm.emediate[2].txt
C:\Documents and Settings\LocalService\Cookies\system@oasn04.247realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\LocalService\Cookies\system@www.burstbeacon[2].txt
affiliates.infomediainc.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
cdn4.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media-ut.pictela.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media.ign.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media.onsugar.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NCGZAGNE ]
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
cdn.insights.gravity.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
cdn4.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
convoad.technoratimedia.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
core.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
crackle.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
ia.media-imdb.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
ictv-ic-ec.indieclicktv.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
indieclick.3janecdn.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
media.wcnc.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
objects.tremormedia.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
s0.2mdn.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
spe.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
static.2mdn.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
video.redorbit.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
www.epictrafficsystems.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
www.web20keywordfinder.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
zerodowntraffic.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6WAB8WTH ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
s9.shinystat.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.shinystat.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
tracking.hostgator.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.wachovia.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
analytics.cj.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
advertising.edvisors.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.undergroundtrafficblueprints.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.undergroundtrafficblueprints.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.citygridmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.citygridmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.shopica.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adsensefortress.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
counter.surfcounters.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
publishers.clickbooth.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
bridge1.admarketplace.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
click2go.org [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.cj.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adtech.de [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
www.pcstats.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.pcstats.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.pcstats.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.hotlog.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
www.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.edgeadx.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.theclickcheck.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.theclickcheck.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
pixel.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o72mzt0x.default\cookies.sqlite ]
.cj.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cj.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cj.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ar.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ar.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.adultadvertising.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.adultadvertising.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.richmedia.yahoo.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads1.adultadvertising.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Trojan.Agent/Gen
HKLM\Software\AGProtect
HKLM\Software\AGProtect#Cfg

Trojan.Hugipon
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll


And also:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


There were no problems with your instructions but the original problems still persist such as browser redirects

Roger

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 07 August 2010 - 08:54 AM

OK, good.. You can see how you picked this up,so be careful out there.

If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address,
then you may proceed.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 07 August 2010 - 11:11 AM

Ok I've tried both of the methods that you have suggested above and I am still getting the browser redirects along with some occasional intermittent tab pop ups. Below is the latest Malwarebytes log file

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4402

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/7/2010 11:49:52 AM
mbam-log-2010-08-07 (11-49-52).txt

Scan type: Quick scan
Objects scanned: 143436
Time elapsed: 1 hour(s), 32 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.


It seems as though Malwarebytes hasn't been able to get rid of the rootkit files

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 07 August 2010 - 11:38 AM

The problem may actually be based in your router.

Next disconnect your system from the internet, and your router,


Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you donít know the router's default password, you can look it up HERE

You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 07 August 2010 - 02:16 PM

The problem may actually be based in your router.

Next disconnect your system from the internet, and your router,


Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you donít know the router's default password, you can look it up HERE

You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


I recently acquired this pc from a friend who upgraded to a newer system because of the problems that I've explained above. I have 3 other computers on my home network that were already connected to the Internet via this router before I introduced this one and they have not been infected nor do they display the same behavior as the one that I am trying to disinfect.

Roger

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 07 August 2010 - 03:18 PM

OK, we got one more shot here or we move you to HJT/DDS forum.
please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 08 August 2010 - 05:30 PM

Hi Boopme

I apologize for taking so long to respond, but after that last set of instructions I ran into some serious problems. The rootkit removal worked and also got rid of the Browser redirects but when I ran the last Malwarebytes scan and rebooted my computer, the drivers for my network interface card became corrupted.

I must also tell you that immediately after the rootkit removal, my system began to do an automatic microsoft windows update (which it has not done since I've had the system). I have not been able to successfully boot to the Internet from that machine because of the driver issues (on board LAN) but the latest scans seem to show much improved results.

Roger

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 08 August 2010 - 06:48 PM

For the connection first try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


Do you have the software to reinstall it?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 BullBlogga

BullBlogga
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 09 August 2010 - 03:43 PM

Hi Boopme

This particular machine has an nForce 2 chipset with nvidia drivers and the onboard LAN doesn't play nice when it comes to uninstalling and reinstalling and updating drivers. What I'll probably do is go with a PCI or USB NIC card to eliminate that problem all together, but as for the redirect problems and the popups I won't really be able to report on that until I get reconnected.

P.S. I tried the suggestion above and it didn't work. Thanks so much for your patience, and I will report back when I connect to the Internet

Roger

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:04 PM

Posted 09 August 2010 - 04:09 PM

Not really my good area but if you need help ask in XP or networking.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users