Google Redirect Virus


9 replies to this topic

#1 RadioRob


Posted 01 December 2010 - 06:03 PM

Hi, a first time poster here so my apologies if I am breaking protocol on the forum.

I have recently contracted a google redirect virus. I run Windows Vista (Home Basic) and I use McAfee Security Centre and MalwareBytes on the device.

Upon finding the virus on my device I ran Malware Bytes which found 4 trojans and seemingly removed all four. Prior to this action google redirected on every search while post-action I find around 1 in 10 searches is redirected.

I am in the process of running Malware Bytes for a second time, however, I have a feeling that I may need to run combofix. Having heard of some of the dangers of using said program I thought I would gain a second opinion. I am hoping there may be other stages I have overlooked in dealing with this problem.

Any advice you may be able to provide would be much appreciated.

Many Thanks

Rob

Edit - Just upon closing this post McAfee appeared saying it had found a trojan called Arimitis (sp?). My apologies for not getting the full spelling and details, the caption box closed prior to me noting the name and I can't find further details in McAfee.

Edited by RadioRob, 01 December 2010 - 06:10 PM.




#2 RadioRob


Posted 04 December 2010 - 07:56 PM

My apologies for the bump, but any assistance would be fantastic.

#3 boopme


Posted 04 December 2010 - 09:40 PM

Hello and welcome.

Please post that last MBAM log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
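
For triaging the log file that TDSSKiller writes, the following added example (not part of the original post and not Kaspersky's code) pulls forged-file notices and detection verdicts out of a log and ties them back to the driver entry they belong to. The line patterns are assumptions modelled on the log posted in this thread; the sample log, its driver names and its hashes are constructed.

```python
import re
from dataclasses import dataclass

# Line shapes are assumptions modelled on the TDSSKiller log posted in this
# thread; they are not a format specification from the vendor.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
MD5 = r"[0-9a-f]{32}"
RE_DRIVER = re.compile(
    TS + r" (?P<svc>\S+) \((?P<md5>" + MD5 + r")\) (?P<path>[A-Za-z]:\\.+)$")
RE_FORGED = re.compile(
    TS + r" Suspicious file \(Forged\): (?P<path>[A-Za-z]:\\.+?)\. "
    r"Real md5: (?P<real>" + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$")
RE_DETECT = re.compile(TS + r" (?P<svc>\S+) - detected (?P<verdict>\S+)")


@dataclass
class Finding:
    path: str = ""
    service: str = ""
    verdict: str = ""
    listed_md5: str = ""   # hash shown on the driver's own scan line
    real_md5: str = ""     # "Real md5" from the forged-file notice
    fake_md5: str = ""     # "Fake md5" from the forged-file notice


def triage(log_text):
    """Return one Finding per driver file that was flagged in the log."""
    drivers = {}    # service name -> (listed md5, path)
    findings = {}   # lower-cased path -> Finding
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RE_FORGED.match(line)):
            f = findings.setdefault(m["path"].lower(), Finding(path=m["path"]))
            f.real_md5, f.fake_md5 = m["real"], m["fake"]
        elif (m := RE_DETECT.match(line)):
            # The verdict line names the service only; recover the file path
            # from the driver line seen earlier for that service.
            md5, path = drivers.get(m["svc"], ("", ""))
            key = path.lower() or "service:" + m["svc"]
            f = findings.setdefault(key, Finding(path=path))
            f.service, f.verdict, f.listed_md5 = m["svc"], m["verdict"], md5
        elif (m := RE_DRIVER.match(line)):
            drivers[m["svc"]] = (m["md5"], m["path"])
    # A forged-file notice without a verdict line still deserves a service name.
    for f in findings.values():
        if not f.service:
            for svc, (md5, path) in drivers.items():
                if path.lower() == f.path.lower():
                    f.service, f.listed_md5 = svc, md5
                    break
    return list(findings.values())


def report(findings):
    """Render findings as short lines suitable for pasting into a ticket."""
    lines = []
    for f in findings:
        parts = [f.service or "?", f.path or "?"]
        if f.verdict:
            parts.append("verdict=" + f.verdict)
        if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5:
            parts.append("hash mismatch real=%s fake=%s" % (f.real_md5, f.fake_md5))
        lines.append(" | ".join(parts))
    return lines


# Constructed sample log: driver names and hashes are made up for the example.
SAMPLE_LOG = r"""
2010/01/01 10:00:00.0001 Scan started
2010/01/01 10:00:01.0002 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
2010/01/01 10:00:01.0003 demodisk (00000000000000000000000000000002) C:\Windows\system32\drivers\demodisk.sys
2010/01/01 10:00:01.0004 Suspicious file (Forged): C:\Windows\system32\drivers\demodisk.sys. Real md5: 00000000000000000000000000000002, Fake md5: 00000000000000000000000000000003
2010/01/01 10:00:01.0005 demodisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/01/01 10:00:01.0006 demonet (00000000000000000000000000000004) C:\Windows\system32\DRIVERS\demonet.sys
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Clean driver rows produce no output, so a log with hundreds of scanned drivers reduces to the few lines a helper needs to read first.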

#4 RadioRob


Posted 06 December 2010 - 03:15 PM

Hi there, thank you for your advice. I have run both TDSS Killer and Malware Bytes.

First of all you asked for my last MBAM log. This is it:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5184

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24/11/2010 4:32:01 PM
mbam-log-2010-11-24 (16-32-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 278067
Time elapsed: 1 hour(s), 39 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Steph\AppData\Local\Temp\171645809.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Users\Steph\AppData\Local\Temp\tmp3152.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Steph\AppData\Local\Temp\tmp54E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


I then ran TDSS Killer and this is the log from that:

2010/12/06 11:46:36.0068 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 11:46:36.0069 ================================================================================
2010/12/06 11:46:36.0069 SystemInfo:
2010/12/06 11:46:36.0069
2010/12/06 11:46:36.0069 OS Version: 6.0.6001 ServicePack: 1.0
2010/12/06 11:46:36.0069 Product type: Workstation
2010/12/06 11:46:36.0069 ComputerName: STEPH-PC
2010/12/06 11:46:36.0070 UserName: Steph
2010/12/06 11:46:36.0070 Windows directory: C:\Windows
2010/12/06 11:46:36.0070 System windows directory: C:\Windows
2010/12/06 11:46:36.0070 Processor architecture: Intel x86
2010/12/06 11:46:36.0070 Number of processors: 2
2010/12/06 11:46:36.0070 Page size: 0x1000
2010/12/06 11:46:36.0070 Boot type: Normal boot
2010/12/06 11:46:36.0070 ================================================================================
2010/12/06 11:46:37.0741 Initialize success
2010/12/06 11:47:33.0845 ================================================================================
2010/12/06 11:47:33.0845 Scan started
2010/12/06 11:47:33.0845 Mode: Manual;
2010/12/06 11:47:33.0845 ================================================================================
2010/12/06 11:48:06.0306 volsnap (73ab644471bbc85188510bf02e6d6347) C:\Windows\system32\drivers\volsnap.sys
2010/12/06 11:48:06.0322 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 73ab644471bbc85188510bf02e6d6347, Fake md5: d8b4a53dd2769f226b3eb374374987c9
2010/12/06 11:48:06.0334 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/06 11:48:08.0336 ================================================================================
2010/12/06 11:48:08.0336 Scan finished
2010/12/06 11:48:08.0336 ================================================================================
2010/12/06 11:48:08.0359 Detected object count: 1
2010/12/06 11:49:01.0668 volsnap (73ab644471bbc85188510bf02e6d6347) C:\Windows\system32\drivers\volsnap.sys
2010/12/06 11:49:01.0670 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 73ab644471bbc85188510bf02e6d6347, Fake md5: d8b4a53dd2769f226b3eb374374987c9
2010/12/06 11:49:06.0035 Backup copy found, using it..
2010/12/06 11:49:06.0049 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2010/12/06 11:49:06.0049 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2010/12/06 11:49:11.0959 Deinitialize success



I then ran Malware Bytes once again and this is the log from that:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5256

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06/12/2010 12:06:32 PM
mbam-log-2010-12-06 (12-06-32).txt

Scan type: Quick scan
Objects scanned: 141650
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#5 boopme

  • Global Moderator

Posted 06 December 2010 - 03:28 PM

This looks really good now. Let's do an online scan. Tell me how it's running after that.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#6 RadioRob

  • Topic Starter

  • Members

Posted 13 December 2010 - 02:25 AM

Apologies for the delay in updating. The scan has been completed and found the following:

C:\Rob\Downloads\Coldplay - Viva La Vida (2008)Full plus artwork-320Kbps\06 Coldplay - Yes.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Steph\AppData\Local\Temp\csrss.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\Local\Temp\tmp44B2.tmp.exe a variant of Win32/Kryptik.AXS trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\40de473e-1dabf86e a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\Steph\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined



#7 RadioRob

  • Topic Starter

  • Members

Posted 13 December 2010 - 02:48 AM

After this scan I decided to run MalwareBytes (Quick Scan). The following was found:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5256

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/12/2010 11:35:56 PM
mbam-log-2010-12-12 (23-35-56).txt

Scan type: Quick scan
Objects scanned: 141521
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\Steph\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 3216 -> Unloaded process successfully.
c:\Users\Steph\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 4712 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Steph\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Steph\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Steph\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I am also slightly concerned about a message which suggests that Windows is stopping start up programs from starting. While I can't work out which ones are being stopped, I can see .exe such as qpFfuYwHVm.exe which seem out of place.

Also, to confirm, I have seen a re-occurrence of the redirect virus.
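
Added example, not part of the original posts: the ESET and MBAM results above list executables named after Windows system processes (csrss.exe, conhost.exe, dwm.exe) sitting in per-user AppData folders, together with autostart registry values that relaunch them. The Python sketch below flags both patterns in pasted log text; the process-name list, the trusted directories and all function names are assumptions of this example, and the sample lines are copied from the logs above plus one constructed benign line.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule subject detail")

# Assumption of this example: a short, non-exhaustive list of Windows system
# process names that should only ever load from the system directories below.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe", "dwm.exe", "svchost.exe",
                "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# A drive-letter path ending in .exe; stops at parentheses so "Bad: (C:\...)" parses.
EXE_PATH = re.compile(r"\b[A-Za-z]:\\[^()\r\n]*?\.exe(?![\w.])", re.I)
# MBAM registry lines look like "HKEY_...\Key\Value (Detection.Name) -> ..."
REG_ITEM = re.compile(r"^(HKEY_.+?) \(")

# Lines copied from the ESET and MBAM logs in the posts above; the last line is
# a constructed benign entry to show that the real csrss.exe is not flagged.
SAMPLE_LOG = r"""
C:\Rob\Downloads\Coldplay - Viva La Vida (2008)Full plus artwork-320Kbps\06 Coldplay - Yes.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Steph\AppData\Local\Temp\csrss.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\Local\Temp\tmp44B2.tmp.exe a variant of Win32/Kryptik.AXS trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined
C:\Users\Steph\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.IVA trojan cleaned by deleting - quarantined
c:\Users\Steph\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 3216 -> Unloaded process successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Steph\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
C:\Windows\System32\csrss.exe (constructed benign line) -> no action
"""


def is_autostart(key):
    """True for the two per-user autostart locations seen in the MBAM log."""
    low = key.lower()
    return ("\\currentversion\\run\\" in low
            or low.endswith("\\currentversion\\windows\\load"))


def triage(log_text):
    """Return Findings for masquerading executables and autostart entries."""
    findings, seen = [], set()

    def add(rule, subject, detail):
        # Paths are case-insensitive on Windows, so deduplicate on lower case.
        key = (rule, subject.lower())
        if key not in seen:
            seen.add(key)
            findings.append(Finding(rule, subject, detail))

    for raw in log_text.splitlines():
        line = raw.strip()

        # 1. Autostart registry items: record what they launch, or whether the
        #    value name itself imitates a system process.
        reg = REG_ITEM.match(line)
        if reg and is_autostart(reg.group(1)):
            key = reg.group(1)
            target = EXE_PATH.search(line)
            value = ntpath.basename(key).lower()
            if target:
                detail = "launches " + target.group(0)
            elif value + ".exe" in SYSTEM_NAMES:
                detail = "value name mimics a system process"
            else:
                detail = "autostart value"
            add("autostart", key, detail)

        # 2. Executable paths: a system process name outside the system
        #    directories is the strong signal; any .exe in Temp is a weaker one.
        for match in EXE_PATH.finditer(line):
            path = match.group(0)
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM_NAMES and folder not in TRUSTED_DIRS:
                add("system-name-outside-system32", path, name)
            elif "\\appdata\\local\\temp\\" in path.lower():
                add("exe-in-temp", path, name)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:30} {finding.subject}  [{finding.detail}]")
```
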

#8 boopme

  • Global Moderator

Posted 13 December 2010 - 12:17 PM

Hi, this qpFfuYwHVm.exe appears to be an orphaned registry entry. Are you getting a "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message with it?

MBam is slightly outdated. Update and rescan.

Now clean the temp files and do an SAS scan.

TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#9 RadioRob

  • Topic Starter

  • Members

Posted 14 December 2010 - 01:12 AM

Upon completing the TFC scan, Windows appeared to crash as the scan completed. No blue screen of death but a window explaining that Windows had encountered a problem.

Here is the log from the second scan:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2010 at 10:01 PM

Application Version : 4.46.1000

Core Rules Database Version : 5999
Trace Rules Database Version: 3811

Scan type : Complete Scan
Total Scan Time : 01:56:29

Memory items scanned : 774
Memory threats detected : 0
Registry items scanned : 8528
Registry threats detected : 1
File items scanned : 131972
File threats detected : 496

Adware.Tracking Cookie
.kontera.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.analytics.rogersmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.rogersmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.iacas.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.iacas.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.img.mediaplex.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.msnbc.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.adsplashmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.adsplashmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads1.empiretheatres.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.airmilesrewardprogram.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.eb.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.eb.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-bestbuy.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-bestbuy.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.kontera.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
advertising.marketnetwork.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.nike.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.atwola.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.advertising.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.usatoday1.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.revsci.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.zedo.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.yieldmanager.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.zedo.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.vitamine.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.vitamine.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
vitamine.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
vitamine.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.csc.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.canoe.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads.escalatemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads.escalatemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.nhl.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
counter.hitslink.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adtech.de [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.lon.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.lon.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.overture.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.overture.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.dardenrestaurants.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www.mynortonaccount.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www.mynortonaccount.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.overture.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adserver.easyad.info [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.premiumtv.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.e-2dj6wjl4encjoap.stats.esomniture.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
sales.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
sales.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.network.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.interclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www3.addfreestats.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cz7.clickzs.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cz7.clickzs.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.adrevolver.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adviva.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adviva.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.canadapost.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.gettyimages.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
sales.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cneteurope.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.cpmstar.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cantire.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.haynet.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
trackers.1st-affiliation.fr [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
trackers.1st-affiliation.fr [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cbs.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www.vertadnet.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
web4.realtracker.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.mediastudies.humber.ca [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
adserver.oddschecker.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.valueclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.viator.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ads.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.vitamine.networldmedia.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.phg.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.eas.apm.emediate.eu [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.hypertracker.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.hospitalityebusiness.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.interclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.game-advertising-online.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adcentriconline.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.euroclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.sensis.com.au [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.disaboomcom.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cgm.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.adlegend.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.workopolis.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
optimize.indieclick.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.stats.adbrite.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.trinitymirror.112.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.kontera.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www.country953.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-corusentertainment.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-corusentertainment.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.kanoodle.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-corusentertainment.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
corusmedia.media.streamtheworld.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.goal.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.cgm.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.roiservice.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-capitalgroup.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-capitalgroup.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
media.sensis.com.au [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.sensismediasmart.com.au [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
ad.adnetwork.com.br [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.revenue.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.burstbeacon.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.bellcan.adbureau.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.chitika.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.surveymonkey.122.2o7.net [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.ehg-iaaf.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\exay43xk.default\cookies.sqlite ]

Malware.Trace
HKU\S-1-5-21-366926806-3237683721-3156861399-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

#10 boopme

  • Global Moderator

Posted 14 December 2010 - 03:54 PM

That crash occurred as there was malware removed from the Windows shell. Reboot. Update and rerun MBAM once more as I feel we got this. How is it running?