Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annonymous Router Logins


  • Please log in to reply
12 replies to this topic

#1 christijacks2

christijacks2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 02 September 2010 - 04:46 PM

Hello!

I have been on this case since January of this year. I did receive some help earlier on this site and the guy was very helpful. At the time I thought perhaps my bf had something to do with all of this but he has since then convinced me that he doesn't. ( Although....well....you know :thumbsup: )

Anyway...to try to make a short story of the whole thing I have had remote connections made to my computer that I was able to detect from the windows security files. I have found files that looked like they belonged to a Linux program on my computer. Have seen physical changes in files as well as compromises in password protected accounts etc etc. I have reformatted my PC probably 5 or 6 times over the eight months. I went out two days ago and bought a new hard drive thinking that would help. I immediately password protected my bios as well as my hard drive and my power up and log on before ever connecting to the internet. I was feeling pretty good about what I had done. Thinking maybe I had out witted them!!

WRONG! I have recently taken up packet monitoring with Wireshark. While on the phone yesterday I literally watched the packets roll in while someone logged on to my network "anonymously". From the information the packets stated they appeared to log on with an email address as their password, and proceeded to set up file sharing.Then I something about entering passive mode, then a bunch of "macro media" files etc. etc. WOW. I thought...so that is how its done. After I get over my rant on the phone about it, I notice that my hard wire connection has come away from my laptop. My wireless is on and I have a error message on the screen from Wireshark. So I'm thinking how could they get to my PC if my stuff is all protected?? A key logger wouldn't work as it was a new hard drive and I never connected to internet. So I turn off my wireless and try to hard wire to the router and "no mas!" Just like the last time I locked my hard drive down. I thought maybe it was just a glitch last time, however it worked before the "anonymous log in" and 5 min later no connection. My wireless connection works like a champ.


Another thing to note is my ip address is static. Not by my design. I noticed about 3 months ago that I always have the same ip address and then realized recently that isn't normal and why it isn't. I called my isp and they told me that there wasn't much they can do about it. Hard to believe, but that is what they said. I'm not sure how long it has been like this. I also notice a print server connected to us that our "router logs" will state that it is rejecting, yet I will see in other areas that it is connected. Not sure what to make of that. You can literally see the server when you put your courser over your wireless icon in the available connections. (That is a recent thing as far as it's visibility in the connections.)

Also...this could be normal...seems unlikely..but when I do a trace route on my bf's "rooted" G1 phone and our home ip address, they originate from the same ip. which is 173.160.113.30., obviously we have some dynamic dns action going on at the casa, I don't know about his phone.

I also found our ip address in this weird link to some guys virtual website. Not sure what all that means, maybe you can help me out with that.

[topic="BigWax Dyndns"][topic="Bigwax.dyndns"]http://bigwax.dyndns.org/asp/aspbrowsedir/BrowseDir.asp?ForFileOnly=NotEmpty&CurrDrive=c:&CurrFileFilter=%28All%29%20*.*&FileSpec=C:\WINDOWS\system32\Logfiles\W3SVC1\ex100808.log&FileFilter=%28All%29%20*.*[/topic][/topic]

In closing...I am well versed in internet security. In case I wasn't....I paid a guy 90.00 to physically come to my home and check my system many months back. I still knew something wasn't right when the same day my ipv6 tunnels were right back.

Did I mention he found a vnc viewer on my bf's computer......... :flowers: ( He swears he doesn't know where it came from) On the other hand....he doesn't have the password to the router etc. etc. or should I say /etc. ( inside joke)


Windows 7
Acer 5534
Charter ISP

Okay....Any help is greatly appreciated!

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 03 September 2010 - 01:01 AM

Can you perform the following:

go to start then run and type in cmd hit enter and in the big black box type in netstat -ano and post the output here.

I want to see if you have port 80 open on your computer.

#3 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 03 September 2010 - 09:59 AM

Thanks for your quick response! I tried to modify the properties of my command window and still couldn't pull off the copy and paste function so I took some screen shots. I also uploaded a shot of one of the wire shark packets to show you that it seems that all the packets are filtered out through two ports. I have noticed that on each packet that I look at. There is a higher port, like 50114 and then a lower port like port 53. Obviously, there seems to be a Linux server somewhere in the mix, but how do I figure this out short of changing ISP providers and kicking out the bf who claims innocence?


Posted Image




Posted Image



Posted Image




I thought this was interesting. I guess the virtual network address is the 10.0.0.0.


Posted Image



Here is a shot of when they logged into my router....it is about 7 shots and I didn't want to load up the whole page but you can see where my wireless was turned off and I was hardwired in and then after wards I had no connection and now my hard wire connection doesn't work. It's nuts! I know my bf is sharp...don't get me wrong...but seems to me this would have to be done via software or some pre written code or someone who is real smart. Heck....he even calls himself Houdini. Whoever it is, it's out of control. When I tell someone all the stuff that has happened over the last eight months they look at me like I need medication because when they run all their scans they are unable to find anything. LOL

Posted Image


Posted Image




Okay....look forward to your feedback.

:thumbsup:

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 03 September 2010 - 11:55 AM

What version of Windows 7 is this?

It seems you are running an FTP Server of some kind as seen in your last image.

This would indicate to me that IIS is installed and running.

Can you take a screenshot of all your services that are running via Control Panel > Administrative Tools > Services.

#5 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 03 September 2010 - 01:36 PM

Wow! You really are quick! I appreciate it!

As usual, I'll give you a little more than you ask for as I am always thinking of other pieces to the puzzle that might help. Here are the shots you requested first. I am operating on Windows Home Premium 64 bit. It is what came with my computer when it was purchased. Nothing has been upgraded...hardware or software.

Posted Image


Posted Image


Posted Image


Posted Image


Posted Image


Posted Image


Posted Image


These other shots I took are of these services that you can see are active, simply because the balls are spinning. Over the course of this last year this whole situation has been ever changing. For instance when I first discovered this, I found hidden .rar files all over my computer that were being filtered out. They were audio and video files. I can't tell you how freaked out I was. At one point I was able to direct them back to a file in my computer instead of going out. Honestly...it was an accident as I can't tell you how I achieved that one. LOL

I ran a program called Belarc and it would look at my whole network and tell me that my computer was a Samba Server and that my bf's was "System" (If he unhooked his desk top, his itouch became "system"). Of course I would complain and freak out about why I didn't have admin rights on my pc and what the **** was a Samba Server! LOL Then....after I formatted one day....it "STATES".....no more samba server and I do have admin rights....but it's been so nuts that I don't trust anything. I have set my settings no "no file share or data streaming, only to go back the next day and it's back to allow. One time I shut down so much of my firewall that I deleted the whole dang thing and had to download another one because I didn't know how to fix it. HA! So as you can see......I graduate to packet monitoring.

Okay....More Pics!

Only the last ball that states system apps spins, the others don't, they used to, but not any more.

Posted Image


Posted Image


These others.....well....might be normal.....just something doesn't seem right. All those numbers seem to reference files..who knows..could be normal. The balls don't spin, but now we have all those files below....not sure??

Posted Image


Okay....it's great to hear you don't think I'm nuts.

Thanks again.

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 03 September 2010 - 01:42 PM

I dont see any FTP or IIS Programs being ran in your services. Can you disable remote administration on your router? Also call your ISP and have them change your IP.

#7 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 04 September 2010 - 02:28 PM

I log onto my router almost daily and check the settings....I know...neurotic at this point. Here is a screen shot of the remote access settings. You have to turn them on to gain access. They are set to off by default. I even change the default ports just to make myself feel better, even though it's not turned on. LOL

Here is the screen shot of that setting, correct me if I am wrong. ( I colored out remote address due to paranoia. ha! )


Posted Image



Regarding my ISP. I did contact them two days ago about the ip address situation and they said there wasn't much they could do as they issue me a new ip address every 24 hrs and stated that there must be a "third party service" on the line that was maintaining the static ip address. I was pretty frustrated with them and even stated that the only solution to the situation would appear to be to change internet providers.

One other thing to note, while I haven't dug into my firewall yet, last go around after the vnc viewer was discovered on the bf's computer....I couldn't really find any firewall exceptions on my PC speaking to a vnc viewer. However, one day I booted into safe mode to look at some other files and figured I'd browse over to the firewall settings and noticed that the settings seemed much different in safe mode and when I scrolled all the way down to the bottom there was the vnc firewall exception.

So......I guess my question is ....do we have just some hidden programs running in the background in "stealth" mode, or would it be something else? My wired connection still doesn't work. My PC states that all is a-okay. I have deleted the driver and reloaded a new one etc. etc. Still no good. Prior to the anonymous log on it worked.

I'm going to call my ISP again and raise a little more hell with them and see if I can get some more help. Maybe go down there in person. I contacted dyndns.org to see if they had this ip address listed in their services, so I am waiting to hear back. Do you know if there is a way I can dig in to that any deeper?

Oh....and one more thing. Would there be anyway to figure out who owns this "server"?

I really appreciate your help!

Christi

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 04 September 2010 - 02:31 PM

Download the following:

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


Make sure you run full scans of MBAM and SAS, and make sure they are updated.

Lets see what the scans can see.

#9 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 05 September 2010 - 01:28 AM

Well....as I expected it didn't come up with much. Malwarebytes found nothing.

Super-Anti Spyware found lots of cookies, which was a little surprising as I just reformatted 4 days ago. I spend more time digging in files than on the internet, but here is the output of that situation.

C:\Users\Christi\AppData\Roaming\Microsoft\Windows\Cookies\christi@doubleclick[1].txt
C:\Users\Christi\AppData\Roaming\Microsoft\Windows\Cookies\Low\christi@statse.webtrendslive[1].txt
C:\Users\Christi\AppData\Roaming\Microsoft\Windows\Cookies\Low\christi@doubleclick[1].txt
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ehg-chartercommunications.hitbox.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.charter.112.2o7.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ehg-chartercommunications.hitbox.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.kontera.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.kontera.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.kontera.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.xiti.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.advertising.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.chitika.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
n.w.h.cltomedia.info [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.cltomedia.info [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.zedo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.zedo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
cltomedia.info [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.zedo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.zedo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.zedo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
1zz.cqcounter.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
googleads.g.doubleclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adxpose.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.qsstats.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.qsstats.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.netgear.122.2o7.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trackalyzer.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.linuxquestions.org [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.spielerstats.de [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.spielerstats.de [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.spielerstats.de [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.spielerstats.de [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.eaeacom.112.2o7.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
us.2.cqcounter.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adecn.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.amex-insights.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.websitetrafficspy.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.websitetrafficspy.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.waptrack.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.enhance.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.enhance.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
counter.surfcounters.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.yadro.ru [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.burstbeacon.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
www.burstnet.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.edgeadx.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.ru4.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.revsci.net [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.www.burstnet.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]
pixel.invitemedia.com [ C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\jxqvj1re.default\cookies.sqlite ]

And GMER found nothing as well.


What has been interesting is other than the routes on the network...things have been fairly quiet today. I did notice yesterday that my yahoo chat wouldn't connect to my internet, some winnit error. Could be some conflict with a firewall setting or something. I guess I'll see where I can get with my ISP.

One other thing I ran was this Belarc program. I'm sure you have heard of it. I took some screen shots for you. I noticed my admin rights were gone again which is what prompted the download. If you notice it I showed you two that look nearly the same except when I curse over the word administration it states that the account is 417 days old and has only been logged into 4 times. I guess we can think of all kinds of reasons it would say that.

Yet last time I had it on my pc it had been stating logged into 3 times etc etc. ... then my bf got his phone and had rooted it......I was checking it out...thinking....this is cool. I saw "Dev Tools"....that was enough to make me nervous. LOL So I start looking around there. Under Google Talk there are all kinds of ip addresses and settings that kind of look familiar but can't quite place them. I saw something that said..." admin log in 1" . That day I grabbed my pc and ran that program.....and sure enough...Admin log in's .....1!

Then if you see the apple item in our home you'll see notice it says "System" It used to say Mac..yada yada...and then his desk top would state system. It was turned off during that scan.

Also, if you see my Local area connection it has a 169.....ip address. I do see that in the packet monitoring. Not today of course. ( I think they are waiting for you to give the "A-okay...nothing is on your Pc" Which I agree....there isn't now.....LOL

I have gone on way too long, here are the pics. I'll talk with the ISP and let you know what they say.

Thanks!

Christi

Posted Image


Posted Image


Oh yea....and the updates with the red lock failed verification???


Posted Image


Posted Image


One other quick question....has firefox always "hosted" all of your program files online as a "complementary" service?

Posted Image

Edited by christijacks2, 05 September 2010 - 01:42 AM.


#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 05 September 2010 - 04:57 AM

All those images are benign. In windows Vista and 7 the administrator account is disabled due to UAC being active. In the last one that is called local folder browser/access which is also do able from within IE as well. the file:/// is a URI handler for local files. You can ignore it.

I think that the persons computer that has your IP on it is that way because you browsed to that site.

If you have nothing forwarded and you have remote access off then the likelihood of malicious activity is nil.

#11 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 05 September 2010 - 09:05 AM

Okay, I'm going to take your word for it. Thanks for all of your help and explanation !!!


Oh....oh.....one other thing.....You noticed that my hard line connection was 169.254.*** which usually means no service. So this afternoon I am getting packets coming across that look like this. ( The mac address ending in 69:69 is the bf's itouch. He wasn't at the house when these packets came across. ) Am I reading this right?? Is that his Itouch connecting to my PC through that hard line? I could just be reading that wrong. I am not a professional be any stretch. Hairdresser by profession. ;-)

Posted Image

I'll let you know about the ISP! Again Thanks! Enjoy your holiday weekend!!

Christi

Edited by christijacks2, 05 September 2010 - 03:06 PM.


#12 christijacks2

christijacks2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 08 September 2010 - 12:59 PM

Okay.....So...spoke with Charter and explained the situation. I spoke with one of their tech people who was much more helpful and understanding than their customer service person. After hearing my story....she said, "it sounds like you are hacked" LOL I agreed. HA Anyway....So the bf came home and I told him the news of no internet connection for the evening. He said he "had to work" and when he connected it I asked him to do an ip config and the ip had changed to an 71.91.****. It was a little different...but honestly, only those last numbers were different. So I wasn't real happy about that but, thought I'd give it the evening and see what happened in the morning.

Oddly, during the late hours of the evening I was just looking over files on my pc and I saw my windows update show that updates were ready to be installed. Didn't seem quite right since I didn't have any connection and hadn't had any for hours.

So then this morning...I connect to the internet and I connect just fine. The ip address seems to have changed again. Now it is 66.***.*** Yada yada. So I'm happy to see that. Then Gary's computer which only has a hardline won't connect to the internet, even straight from the modem he couldn't connect. So I went upstairs and jacked around with it and then had to leave the house real quick...came back....jacked with it some more and he finally had a connection. When we got it all connected I noticed that my Avast anti virus started downloading a huge file, not just an update. Then said I needed to reboot my pc for it to take effect....seemed odd!

So I went to the update to investigate what it was and here is what I discovered. Maybe you can help me crack this case. I see all the pieces to this puzzle I just can't pull them together, and more importantly what is the answer.

Okay....So When I connected first thing this morning, I noticed my firewall is blocking this ..."no service address." Which I think is the address of this "print server" that looms around here. I can't figure if it is real hardware, or something virtual or what??

Posted Image

Posted Image



Okay....the here is the file that downloads from avast when I connect.


http://i63.photobucket.com/albums/h127/jackson5955/173.jpg


So I search that link with the IP address and this was the result:


Posted Image


If you look at the link that states "denied" when you click on that one and then search that ip address that leads you to a very interesting link!!!!

It is basically the server that I have been flipping out about all of this time. It references me as a user by my user type...or whatever they call that and also has my new ip address on it.

Visit My Website


Whatcha think??

I hope you get this soon....I'm sure that link will be broken soon....you know what I mean. LOL

Thanks a million for all of your help. I really have been going out of mind with this situation.

Have a good one!

Christi

#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:28 PM

Posted 08 September 2010 - 01:10 PM

Your ISP uses DHCP or Dynamically assigned IP addresses that can change at any point in time during the day. Can you send me a PM with the IP addresses that you are concerned about, and also i see that you have a lot of wireless networks within your vicinity, and can I ask if you are using only the one that you are allowed to use? If not then that could explain the IP address switching. I would highly advise that you stop using other peoples network accesses. I would also strongly advise that you use a wired connection.

As far as your avast log is concerned those IP's are all benign and should be alert you. It would only cause more paranoia. The IP that is shown in those logs is what Microsoft and other people give out when an IP address cannot be given out.

So far I see no evidence that you are hacked and that someone has complete control over your computer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users