Can't find the virus causing redirects and other issues


6 replies to this topic

#1 beks79

Posted 02 April 2011 - 08:47 PM

Hi. This is seriously doing my head in so came to you guys for help. In the past I have had viruses and was able to follow instructions on this site and came out all clear. At the moment, I copped an Antimalware Doctor Virus, went through the instructions given on this site and was able to remove it, along with some other little nasties I wasn't aware I had. The problem is still going, even after running Rkill, Mbam, SaS and having the issues quarantined and removed. I am still having the same issues. So I restored my Windows back to an earlier point, ran the scans again, and yet same issues. I am somewhat aware of the main processes that generally run in my Windows Task Manager, and have been noticing some really random processes that I have not seen before. Some have disappeared since the scanning but there are a couple that remain. I have looked them up in process library and they are listed as "safe" yet, as I have not noticed them before, if I end those tasks, I am able to open a browser.

Here is what happens. I load in, try to open browser, this fails. I open task manager, end process seaport.exe and wscntfy.exe and am now able to open a browser, although wscntfy.exe comes back up real quick, thus preventing any new browsers from being opened. If I type in a new address, I am redirected, unless I end wscntfy.exe again, then I can get to my intended address. After 2 or 3 times of ending this process, I am unable to open new browsers so restart computer. This then produces 3 outcomes. 1. It loads through to just before the Windows log-on page but stays black. 2. I can log in but it doesn't kickstart Windows and I am left with a screen that only has my desktop background, however I can access task manager. or 3. It loads in normally.

I have never had any continuing issues in the past after following instructions on this site to remove viruses, so as you can imagine this time I am at a loss. Please help. Thank you.

Edit: I run Windows XP

Edited by beks79, 02 April 2011 - 08:48 PM.



#2 cryptodan


Posted 02 April 2011 - 08:52 PM

Can you post the logs from Mbam and SAS?

#3 beks79


Posted 02 April 2011 - 09:07 PM

Sure thing. Incoming spam!! (And yes, lesson learnt, kids no longer allowed on my computer)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6234

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/04/2011 10:51:57 PM
mbam-log-2011-04-01 (22-51-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 241367
Time elapsed: 39 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 71
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 58

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\uxagecav.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\ENKBAML.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/02/2011 at 08:17 PM

Application Version : 4.50.1002

Core Rules Database Version : 6736
Trace Rules Database Version: 4548

Scan type : Complete Scan
Total Scan Time : 00:22:31

Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 7108
Registry threats detected : 19
File items scanned : 18786
File threats detected : 449

objects.tremormedia.com [ C:\Documents and Settings\Rebekah\Application Data\Macromedia\Flash Player\#SharedObjects\NLAXMYUH ]
rmd.atdmt.com [ C:\Documents and Settings\Rebekah\Application Data\Macromedia\Flash Player\#SharedObjects\NLAXMYUH ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Rebekah\Application Data\Macromedia\Flash Player\#SharedObjects\NLAXMYUH ]
spe.atdmt.com [ C:\Documents and Settings\Rebekah\Application Data\Macromedia\Flash Player\#SharedObjects\NLAXMYUH ]
us.media.blizzard.com [ C:\Documents and Settings\Rebekah\Application Data\Macromedia\Flash Player\#SharedObjects\NLAXMYUH ]
.bs.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.nickelodeonuk.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.zanox.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.stats.paypal.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.f2network.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
myaccount.centrelink.gov.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.myaccount.centrelink.gov.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.myaccount.centrelink.gov.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.webmasterplan.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.usenext.de [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.vinvest.122.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.trafficrevenue.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.e-2dj6wnlocic5oaq.stats.esomniture.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.partypoker.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.partypoker.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.game-advertising-online.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.wow-track.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adtech.de [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.examinercom.122.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediacollege.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediacollege.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.starzmedia.122.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.qnsr.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.qsstats.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.qsstats.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
checkmystats.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
checkmystats.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
wstat.wibiya.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.associatedcontent.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
adserver.twitpic.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.themis-media.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.azjmp.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
ext-us.bestofmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
adserver.adreactor.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.loanmarketgroup.122.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.standardmedia.co.ke [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.standardmedia.co.ke [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.e-2dj6wdmiqjcpaeo.stats.esomniture.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
statsserver.contensis.co.uk [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.e-2dj6wgkoaldjgao.stats.esomniture.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
media.sensis.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tracktvlinks.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tracktvlinks.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
adserv.tacticalgamer.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
r2.unicornmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
network.alluremedia.com.au [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.3dstats.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.gaiainteractive.112.2o7.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.absoluteinsight.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.absoluteinsight.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.absoluteinsight.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.ar.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediafire.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.bravenet.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
optimize.indieclick.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.rambler.ru [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
click.eyk.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.bannerbreak.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.bannerbreak.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
pluckit.demandmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
www.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.myap.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.myap.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.myap.liveperson.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.mm.chitika.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
videogames.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
videogames.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.videogames.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.videogames.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
videogames.virginmedia.com [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Rebekah\Application Data\Mozilla\Firefox\Profiles\mlbhmomv.default\cookies.sqlite ]

Adware.Zango/ShoppingReport
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX20\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX10\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX11\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX12\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX13\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX14\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX15\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX16\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX17\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX18\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX21\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX22\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX23\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX24\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX25\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX26\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX5\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX6\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX7\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX8\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX9\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX20\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX10\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX11\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX12\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX13\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX14\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX15\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX16\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX17\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX18\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX2\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX21\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX22\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX23\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX24\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX25\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX26\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX3\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX4\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX5\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX6\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX7\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX8\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\REBEKAH\LOCAL SETTINGS\TEMP\RARSFX9\PROCS\EXPLORER.EXE

Adware.Agent/Gen-Pinball
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP814\A0435449.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458437.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458438.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458439.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458440.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458441.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458442.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458443.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458445.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458449.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458452.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP844\A0458453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464748.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464749.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464750.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464751.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464752.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464754.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464756.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464758.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D948850-319E-4851-8DDF-B3443783D5CE}\RP846\A0464759.DLL

#4 cryptodan

Posted 02 April 2011 - 10:42 PM

Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#5 beks79


Posted 12 April 2011 - 02:18 AM

Sorry, I have been away. Here are the GMER logs.


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-12 17:07:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3160812AS rev.3.AAE
Running: ltl5huvf.exe; Driver: C:\DOCUME~1\Rebekah\LOCALS~1\Temp\pwtyipoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6F4514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6E3282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6E3474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6F4D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6F4FB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6F33FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6F5422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6F47D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA6E2F32]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A2000C
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00CA000A
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00C9000C
.text C:\WINDOWS\System32\svchost.exe[1360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 8A60827F
Device \Device\Ide\IdeDeviceP2T0L0-16 -> \??\IDE#DiskST3160812AS_____________________________3.AAE___#5&1714ff57&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xC9 0xF7 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0x1A 0xB6 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x81 0xA6 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x93 0xA5 0xC4 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0xC9 0xF7 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0x1A 0xB6 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x81 0xA6 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x93 0xA5 0xC4 0xC2 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
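
A triage pass over the GMER log posted above, as an added example that is not part of the original thread or of GMER itself: it splits the log into its sections and ranks each hook entry. The severity labels, function names and the rule that a hook with no module named after its target address ranks higher than one attributed to a named driver are assumptions made for this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity section subject detail")

# Excerpt of the GMER log posted above (a few lines kept per section).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6F4514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA6E2F32]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00C9000A
.text C:\WINDOWS\System32\svchost.exe[1360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A60827F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A60827F

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT = re.compile(r"^SSDT\s+(\S+)\s+\((.*)\)\s+(\w+)\s+\[0x[0-9A-Fa-f]+\]$")
INLINE = re.compile(r"^\.text\s+(.+?\[\d+\])\s+(\S+!\S+)\s+[0-9A-F]{8}\s+\d+ Bytes"
                    r"\s+JMP\s+([0-9A-F]{8})\s*(.*)$")
DEVHOOK = re.compile(r"^Device\s+(\\Driver\\\S+)\s+->\s+(\w+)\s+\S+\s+([0-9A-F]{8})\s*(.*)$")


def triage(log_text):
    """Return a Finding for every hook or disk entry the rules recognise."""
    findings, section = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "Disk sectors" and re.search(r"rootkit", line, re.I):
            # GMER's own verdict on the boot sector: always top priority.
            findings.append(Finding("high", section, line.split()[1], line))
        elif section == "Devices" and (m := DEVHOOK.match(line)):
            driver, routine, target, owner = m.groups()
            # Assumption: a driver routine redirected to an address with no
            # module named after it ranks above one with a named owner.
            sev = "info" if owner else "high"
            findings.append(Finding(sev, section, driver,
                                    f"{routine} -> {target} {owner or '(no module named)'}"))
        elif section == "User code sections" and (m := INLINE.match(line)):
            proc, api, target, owner = m.groups()
            sev = "info" if owner else "review"
            findings.append(Finding(sev, section, proc, f"{api} JMP {target}"))
        elif section == "System" and (m := SSDT.match(line)):
            module, vendor, service = m.groups()
            # Attributed to a named driver; confirm that product is installed.
            findings.append(Finding("info", section, module, f"{service} ({vendor})"))
    return findings


def severity_counts(findings):
    counts = defaultdict(int)
    for f in findings:
        counts[f.severity] += 1
    return dict(counts)


def hooks_by_process(findings):
    """Group inline user-mode hooks by 'image path[pid]'."""
    grouped = defaultdict(list)
    for f in findings:
        if f.section == "User code sections":
            grouped[f.subject].append(f.detail.split(" JMP ")[0])
    return dict(grouped)


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "review", "info").index(f.severity)):
        print(f"{f.severity:6} {f.section:18} {f.subject}  {f.detail}")
```
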

#6 cryptodan


Posted 12 April 2011 - 06:15 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#7 quietman7


Posted 12 April 2011 - 08:26 AM

The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. If you do not mind waiting and want someone to check your system thoroughly, then please follow the directions already provided.

If you want to try disinfection in this forum first, continue as follows:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

The database in your previous log shows 6234. Last I checked it was 6341.