Multiple programs opened by themselves


17 replies to this topic

#1 _Mark


Posted 05 November 2010 - 06:18 AM

Hello. This is my first post to this forum so please forgive me if I omit any important information.

Computer info and OS:
Windows Vista SP2 (up to date with Windows updates)
T8300 Core 2 Duo 2.4 GHz
3.00 GB RAM

Anti-Virus etc:
McAfee Virus scan enterprise 8.5.0i (up-to-date)
MalwareBytes Anti-Malware

Problem:
A couple of days ago I was running Google Chrome and had open Gmail and a website called hotukdeals.com (used many times before). I was also running Excel and had a couple of files open. Without any obvious action from myself I noted that McAfee's on-access scanner fired up. It gave me a blank window where I was expecting to see the details of some problem on my computer. At the same time a whole load of windows opened up. One of the windows was McAfee's update window; somehow I don't remember much about what the other windows were. I didn't like what I saw so I shut down the machine and restarted. I started to run a full system virus scan with McAfee, and also with MalwareBytes Anti-Malware. Both found nothing. I also looked at the logs from McAfee. At the time that I had the problem the log says that the on-access scanner found 6 files, but it doesn't say that it quarantined any of them.

I've not had any issues since, but obviously I am worried. I'm worried because I don't know if the problem files are still around, and I'm worried because I don't know what caused the problem in the first place. The fact that all those windows were opening made me think that whatever was happening seemed to have a lot of power over my computer. I don't know what to do as a next step since the scans I did returned no results.

I'd really appreciate any guidance that anyone might be able to provide me with. Apologies for not remembering exactly what windows opened up; I was too engaged in trying to make sure nothing too bad happened to my machine.

Thanks a lot

Mark



#2 Sightless


Posted 05 November 2010 - 05:44 PM

Please download ATF Cleaner by Atribune & save it to your desktop (alternate download link). DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#3 _Mark


Posted 08 November 2010 - 12:15 PM

Thanks for the reply.

I've followed the instructions and the results are below. It may be worth mentioning that after restarting my computer normally (after running the scans in Safe-Mode) I got a message after the login screen saying 'Please Wait' within a very basic looking window (not the usual Vista visuals), and then the look of my Windows session was Windows NT style. I don't really know if that was supposed to happen so that is why I've mentioned it. Everything still looks Windows NT - I have not bothered trying to change it back yet.

Here is the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2010 at 02:30 PM

Application Version : 4.45.1000

Core Rules Database Version : 5823
Trace Rules Database Version: 3635

Scan type : Complete Scan
Total Scan Time : 03:38:36

Memory items scanned : 301
Memory threats detected : 0
Registry items scanned : 9776
Registry threats detected : 0
File items scanned : 372553
File threats detected : 633

Adware.Tracking Cookie
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
network.alluremedia.com.au [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Dec\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
acvs.mediaonenetwork.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
atdmt.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
broadcast.piximedia.fr [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
cdn4.specificclick.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
cdn5.specificclick.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
cloud.video.unrulymedia.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
crackle.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
ec.atdmt.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
gw.callingbanners.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
ia.media-imdb.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
img-cdn.mediaplex.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
m.uk.2mdn.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
m1.2mdn.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
m1.emea.2mdn.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
media.mtvnservices.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
media.scanscout.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
media.tattomedia.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
media01.kyte.tv [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
mediaforgews.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
msnbcmedia.msn.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
objects.tremormedia.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
rmd.atdmt.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
s0.2mdn.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
secure-us.imrworldwide.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
serving-sys.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
spe.atdmt.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
track.omguk.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
track.webgains.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
tracker.castrolfootball.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
tracking.onefeed.co.uk [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
video.unrulymedia.com [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
virginmedia.a.mms.mavenapps.net [ C:\Users\Dec\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P754XFBF ]
C:\Users\Dec\AppData\Roaming\Microsoft\Windows\Cookies\Dec@adbrite[1].txt
C:\Users\Dec\AppData\Roaming\Microsoft\Windows\Cookies\Dec@content.yieldmanager[2].txt
.statcounter.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stats.e-go.gr [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.ehg-fifa.hitbox.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.newlook.112.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stat.dealtime.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.122.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.xiti.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.122.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
www.clickmanage.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
www.clickmanage.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.flightstats.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.flightstats.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
tracking.dc-storm.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
my.stats2.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
menmedia.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
passport.menmedia.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.122.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.122.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
es.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wfkisndzmfo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wflicgdzkfp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wfmigkdjadp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.ehg-iwantoneofthose.hitbox.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.findstone.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.findstone.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.tracking.keywordmax.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wfkoojczmhp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wjnyaodpoaq.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wcl4wid5ihp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wdk4ajc5olp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6whlyoiajkhp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wakykkdjieo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.whatthebleepismysocialmediastrategy.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.whatthebleepismysocialmediastrategy.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.whatthebleephouldimakefordinner.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.whatthebleephouldimakefordinner.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.whatthebleephouldimakefordinner.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.dealtime.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.dealtime.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
www.media-market.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media-market.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media-market.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.dialaphone.122.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
www.ist-track.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wgkiajd5ckq.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stats.renault.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stats.renault.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wgmighcpoko.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wgmyejazkfo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wdk4ugczghq.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wgkiakczadp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stats.endsleigh.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
stats.endsleigh.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wnkogpcjobo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wjnyaoazsao.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wjl4aoazmbp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wnl4wldjwgp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wfk4sicjglo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
tracking.dc-storm.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.sonyeurope.112.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.discounttv.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.discounttv.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wbkocodjsep.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.nextag.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.dealtime.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wfkiwodpeaq.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.microsoftwga.112.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wjkyupczikq.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.bizrate.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.bizrate.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.www.dealtime.co.uk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
banners.audioholics.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.ru4.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.ru4.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adviva.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adviva.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.uk.at.atwola.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
track.adform.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.track.webgains.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
ad1.emediate.dk [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wflicnc5aap.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wjmyqlcjwlp.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.e-2dj6wml4uldzwgo.stats.esomniture.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.eaeacom.112.2o7.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
fr.sitestat.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.chitika.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]
server.lon.liveperson.net [ C:\Users\Dec\AppData\Roaming\Mozilla\Firefox\Profiles\q9kgriuq.default\cookies.sqlite ]

By the way, sorry for my delay in responding. My internet connection was down over the weekend.

#4 _Mark

Posted 09 November 2010 - 05:08 AM

As some additional information:
I tried by myself to work out what was going on some time last week using ideas from the forums on bleepingcomputer. I ran hijack this and noted that there was an entry 'conime.exe'. I did some research and found mixed evidence for whether this is a real threat. However I did note that when my computer became very slow (something I noted just now while typing) there was a process called conime.exe running. I immediately terminated it and then my computer speeded up. From the research I've done this suggests to me that someone could be remotely controlling my computer, so my level of concern has just gone up!

Edited by _Mark, 09 November 2010 - 05:10 AM.


#5 Sightless

Posted 12 November 2010 - 04:25 PM

Hi Mark, sorry for the delay, I have been quite busy this past week, and might take a bit longer than usual to reply.

The information about your display style changing to NT style is very strange. In the control panel, is it set to NT, or is it still set to Vista theme but just looks like it's NT?

I see that you ran MBAM with no detections found, could you please update and run a full scan with MBAM please. Post the log file in your next reply.

Have you tried any online scans while you were waiting? Or any scans at all for that matter?

#6 _Mark

Posted 13 November 2010 - 04:30 AM

Thanks Sightless.

In the control panel the theme got set to 'Windows Standard'. I did actually get tired of seeing it and changed it to 'Vista Basic'. Interestingly it didn't change back to 'Windows Standard' despite me restarting my machine a few times - until this morning! I ran a full MBAM scan in Safe Mode, and then upon restarting back to normal, the theme was reset again to Windows Standard. When the theme changes (whether I make the change or if it happens by itself) there is a message displayed saying 'Please Wait'. This is the message I mentioned in a previous post, and I don't think any longer that the message itself is suspicious. I am wondering however what is making the theme reset on its own, and why that only seems to happen when I restart from previously having been in Safe Mode.

I've only done one full system scan with McAfee since my last posts (no online scans), and it came up with nothing - just like MBAM did last night...log below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5099

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

13/11/2010 01:15:30
mbam-log-2010-11-13 (01-15-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 522891
Time elapsed: 1 hour(s), 56 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Sightless

Posted 13 November 2010 - 01:46 PM

Hi, I see that you ran MBAM in safe mode. MBAM is meant to run in normal mode to utilize its full power; if you could, please run a quick scan in normal mode after updating MBAM.

Let's try an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications (If given the option, choose "Quarantine" instead of delete.)
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#8 _Mark

Posted 15 November 2010 - 04:45 AM

Thanks again. I did a full MBAM scan in normal mode. It again came up clean (see log below). The ESET scan was more interesting though (log in next post).

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5111

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

14/11/2010 14:53:47
mbam-log-2010-11-14 (14-53-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 515444
Time elapsed: 2 hour(s), 56 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 _Mark

Posted 15 November 2010 - 04:53 AM

Eset found something. The log is below:

C:\Users\Dec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\dd00e8b-4ed64bcf multiple threats deleted - quarantined
C:\Users\Dec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\70d329ed-3e3d9fb8 Java/Exploit.Agent.NAL trojan deleted - quarantined
C:\Users\Dec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\787f39b9-7e7150a5 multiple threats deleted - quarantined

I did a bit of searching around about the NAL trojan and didn't find much, so I'm not sure how much of a threat it was, and also whether it could explain the behaviour I saw that made me think there might be a virus on my machine.

There's also the lingering doubt I have about the conime.exe process. Each time I see my computer being slow (this happened once whilst the eset scan was running and after the trojan had been detected) I check the task manager and tend to see conime there - at which point I terminate it. This web page says something about it being associated with certain trojans (though the one eset found does not seem to be on the list, though eset may name the trojan differently to others):
http://www.threatexpert.com/files/conime.exe.html

So I'm happy that something showed up, but not convinced yet that all is ok.

Thanks

#10 Sightless

Posted 16 November 2010 - 07:08 PM

Hi, could you do a search for the conime file on your computer?
Start -> Search
Select "all files and folders" on the left panel. Now type conime in the "All or part of file name" box, set it to search your whole hard drive, and click "Search"

If it finds the file, jot down the file name, then go to http://www.jotti.org and upload the file to be scanned.

NAL seems to be a trojan downloader. You may want to clear your Java cache before you update Java. Follow the instructions here on how to clear the Java cache.

Those infections seem to have infected you through Java; you should update your version of Java to the newest version to prevent infection. Visit Java's Update Site and download either the online or offline installer to update your Java version.

Kaspersky seems to have a knack for detecting infections related to "Conime"

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

* Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
* Open the Kaspersky Scanner page.
* Click on Accept and install any components it needs.
* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded on the left side of the page in the Scan section select My Computer
* This will start the program and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, click on View scan report
* Now, click on the Save Report as button.
* Save the file to your desktop.
* Copy and paste that information in your next post.



This scanner will only scan. It does not remove any malware it finds.

Please post back with:
- Kaspersky Log
Results of the Jotti scan
Any further questions
How your computer is running

Edited by Sightless, 16 November 2010 - 07:09 PM.


#11 _Mark

Posted 18 November 2010 - 11:48 AM

Thanks for the reply. Unfortunately the Kaspersky scanner seems not to be available at the moment. Indeed it isn't obvious when it will be, since they seem to be changing the software, and they are at the same time offering a trial of their downloadable software instead of the online scan - i.e. it doesn't look like it will be back again very soon. Having said that, the link that you gave did take me to their online scanner; it just didn't work.

I've tried out the other steps though.

My java cache is now cleared and I was already up to date with the version.

I found four copies of conime.exe and jotti considered them all to be clean. Three instances of conime were in my Windows/winsxs/ folder and the other was in Windows/System32/

I would say that my computer is running slower than it should be (it can take a while to display the contents of a small folder) and to open some files up, but this is something that has been getting gradually worse anyway as my computer has got older so I'm not sure that anything malicious is definitely to blame - unless there has been something on my computer for a long time.

So since the kaspersky scan didn't work out I'm not sure where to go from here, though jotti didn't say anything nasty about conime. By the way I've noted that conime seems to start when I use some software I have called Ox (it is a not-so-popular numerically centred programming language that I sometimes use). I don't think that Ox is something to be suspicious of, but is it possible that a previously fine program (that is not well known enough to be targeted I guess) can become infected somehow? I don't want to go over the top about conime though either, maybe I've made too much of it and it really is harmless.

Thanks a lot for the help.

#12 Sightless

Posted 19 November 2010 - 05:54 PM

I am beginning to think conime is not malicious, but it is odd to be located in the system32 folder.

Do you know if conime is related to the Ox program; has it always started with Ox, or only recently when you started noticing issues?

Have you defragmented your hard drive recently?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 19 November 2010 - 11:39 PM

The conime.exe is a Console IME (Input Method Editor).

This file is part of Microsoft Windows Operating System. Conime.exe is developed by Microsoft Corporation. It’s a system and hidden file. Part of an Asian language pack. Safe when in /System32 or in /SysWOW64 (on Vista x64).

Search your PC for these files

BFGhost.exe
editmm.exe


Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
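The location check described in post #13, as an added example that is not part of the thread: it classifies each path at which a conime.exe was found. The sample paths are constructed, and treating the WinSxS component store as its own category is an assumption, since the post only names System32 and SysWOW64.

```python
import ntpath

# Directories post #13 names as safe locations for conime.exe.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption (not stated in the thread): Windows keeps servicing copies of
# system binaries in the WinSxS component store, so hits there are reported
# separately instead of being called "expected" or "unexpected".
COMPONENT_STORE = r"c:\windows\winsxs"


def normalize(path):
    """Unify slashes, collapse '..' segments and lower-case the path."""
    return ntpath.normpath(path).lower()


def classify(path, image_name="conime.exe"):
    """Return 'expected', 'component-store', 'unexpected' or 'other-file'."""
    directory, name = ntpath.split(normalize(path))
    if name != image_name:
        return "other-file"
    if directory in EXPECTED_DIRS:
        return "expected"
    if directory == COMPONENT_STORE or directory.startswith(COMPONENT_STORE + "\\"):
        return "component-store"
    return "unexpected"


def needs_follow_up(paths, image_name="conime.exe"):
    """Paths that carry the system file's name but sit outside its usual homes."""
    return [p for p in paths if classify(p, image_name) == "unexpected"]


# Constructed search results (hypothetical, for illustration only).
SAMPLE_PATHS = [
    r"C:\Windows\System32\conime.exe",
    r"C:\Windows\winsxs\example-component-dir\conime.exe",
    r"C:\Users\Dec\AppData\Local\Temp\conime.exe",
    r"C:\Windows\System32\..\Temp\CONIME.EXE",   # '..' hides the real folder
    r"C:\Windows\System32\conime.exe.txt",       # different file name
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify(p):16} {p}")
```

A copy flagged as unexpected is the one to upload to a multi-engine scanner, as was done with Jotti earlier in the thread; a clean path alone does not prove the file is genuine.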

#14 _Mark

Posted 21 November 2010 - 06:19 AM

Thanks once more for the replies.

conime.exe is something that I only started to pay attention to after running hijack this a couple of weeks ago. I didn't know how to interpret the results of hijack this so I just did searching around about some files I hadn't heard of before. I then started to use the task manager to see if/when conime.exe was running. It took a little time for me to realise that there was an association with Ox. I've also more recently noted that it can start at other times too (when just browsing the web). I don't know how it is connected to Ox, or what had been happening in the previous couple of years when I was using Ox. I have noted though that conime doesn't seem to start when I'm using Ox to edit text, it only happens when I try to run some code (Ox has a text editor and within that an option to run code).

I didn't find BFGhost.exe or editmm.exe.

I defragment the hard drive on a weekly basis so I can't blame that for my computer being slow.

The f-secure scan did find a few things, though I'm not sure that they are all actually suspicious (particularly those associated with Rainmeter). Some of what the scan found were not cleaned. I'd be interested in knowing what to do with those files. Can I just delete them (if I don't care about the programs that they are associated with)?

Here is the log:

Scanning Report
Sunday, November 21, 2010 20:59:10 - 10:53:49

Computer name: DECT
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
42 malware found
TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (spyware)

* System (Disinfected)

TrackingCookie.Adtech (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TILES\WEBSITES\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TILES\LAUNCHER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\TWITTER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\READER4\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\TODOLIST\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\READER3\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\READER2\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\READER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\NOTES\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\TEXTITEMS\GMAIL\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\WORLDCLOCK\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\WEATHER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\USER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\SPEEDFAN\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\SLIDESHOW\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\MAIL\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\LAUNCHER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\HARDDRIVES\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\ALARM\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\ADOBE\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\COMMON\BLANK2\CONFIG\34.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\COMMON\BLANK2\CONFIG\4.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\COMMON\BLANK2\CONFIG\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\COMMON\BLANK2\RAINCONFIGURE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\BACKGROUND\CUSTOMIZABLE\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\ENIGMA\RESOURCES\VARIABLES\ENIGMACONFIGURE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\SKINS\ENIGMA\RESOURCES\VARIABLES\ENIGMACONFIGURE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\ADDONS\RAINTHEMES\RAINTHEMES.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\ADDONS\RAINBACKUP\RAINBACKUP.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\ADDONS\RAINBROWSER\RAINBROWSER.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE (Not cleaned)

Backdoor.Generic.343070 (virus)

* C:\NAVIGO MODS\TOMTOM\TOMTOM 7.910.9185 WITH 830.2306 WE 1GB MAP AND KEYGENS\TOMTOM MUPPET PROOF KEYGEN V3.1C\TOMTOM3.EXE (Renamed)

Trojan.Generic.4774553 (virus)

* C:\NAVIGO MODS\TOMTOM\TOMTOM 7.910.9185 WITH 830.2306 WE 1GB MAP AND KEYGENS\TOMTOM MUPPET PROOF KEYGEN V3.1C\MSINET.OCX (Renamed & Submitted)

Statistics
Scanned:

* Files: 131097
* System: 4514
* Not scanned: 19

Actions:

* Disinfected: 9
* Renamed: 2
* Deleted: 0
* Not cleaned: 31
* Submitted: 28

Files not scanned:

* C:\PAGEFILE.SYS
* C:\HIBERFIL.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\DEC\APPDATA\LOCAL\TEMP\HSPERFDATA_DEC\1400
* C:\USERS\DEC\APPDATA\LOCAL\TEMP\HSPERFDATA_DEC\5480
* C:\BOOT\BCD

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics
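An added example, not part of the thread, for reading a report in the format posted above: it pairs each detection name with its target and actions, then separates what is still on disk from what sits in a keygen or crack folder. The embedded excerpt is copied from the report in post #14; the function names are hypothetical.

```python
import re
from collections import Counter

# "Name (spyware)" / "Name (virus)" lines name a detection.
DETECTION = re.compile(r"^(?P<name>\S.*) \((?P<kind>spyware|virus)\)$")
# "* target (Action & Action)" lines give the object and what was done to it.
TARGET = re.compile(r"^\* (?P<target>.+) \((?P<actions>[^()]+)\)$")
# Folder names that suggest pirated-software tooling.
KEYGEN_HINT = re.compile(r"keygen|crack", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection: name, kind, target, list of actions."""
    findings, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = TARGET.match(line)
        if m and pending:
            findings.append({
                "name": pending["name"],
                "kind": pending["kind"],
                "target": m["target"],
                "actions": [a.strip() for a in m["actions"].split("&")],
            })
        pending = None  # statistics and option lines never follow a detection
    return findings


def action_counts(findings):
    """How many findings carry each action (a finding can carry two)."""
    return Counter(a for f in findings for a in f["actions"])


def left_on_disk(findings):
    """Detection names of findings the scanner did not clean."""
    return Counter(f["name"] for f in findings if "Not cleaned" in f["actions"])


def keygen_hits(findings):
    """Targets whose path points at keygen or crack material."""
    return [f["target"] for f in findings if KEYGEN_HINT.search(f["target"])]


# Excerpt of the report posted above.
SAMPLE_REPORT = r"""
TrackingCookie.Atdmt (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

* C:\USERS\DEC\DOCUMENTS\RAINMETER\SKINS\WP7\PANELS\WEATHER\CONFIG.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE (Not cleaned)

Backdoor.Generic.343070 (virus)

* C:\NAVIGO MODS\TOMTOM\TOMTOM 7.910.9185 WITH 830.2306 WE 1GB MAP AND KEYGENS\TOMTOM MUPPET PROOF KEYGEN V3.1C\TOMTOM3.EXE (Renamed)

Trojan.Generic.4774553 (virus)

* C:\NAVIGO MODS\TOMTOM\TOMTOM 7.910.9185 WITH 830.2306 WE 1GB MAP AND KEYGENS\TOMTOM MUPPET PROOF KEYGEN V3.1C\MSINET.OCX (Renamed & Submitted)

Statistics
Scanned:

* Files: 131097
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("actions:", dict(action_counts(found)))
    print("still on disk:", dict(left_on_disk(found)))
    for target in keygen_hits(found):
        print("keygen/crack path:", target)
```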

#15 boopme

Posted 21 November 2010 - 03:30 PM

Hi. OK, the rainmaker is an application you have downloaded. Tiles were submitted in case of infection.
The fact that these, BFGhost.exe or editmm.exe, were not present proves that the conime was not malware.


Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.


The ones after that look like malware from Crack or Keygen software.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!! {Credit Quietman7}