Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirecting, virus now seems to have spread to explorer.exe?


  • Please log in to reply
7 replies to this topic

#1 dco9er

dco9er

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 22 June 2011 - 06:53 AM

I've had a lingering virus problem on my laptop for a few weeks now that I have been, sadly, not doing enough about and I fear it has now spread and I'm not even sure what damage it's causing at this point.

I am on a machine with Windows Vista Home on it. It started out as google search results occasionally redirecting to other pages (scour, yellowpages, etc) after I clicked on them. This has happened in both Firefox and IE. This has extended to seemingly random popups that have happened when I've clicked links on almost any website, and even when I navigated back in gmail. On Monday, AVG was going crazy identifying all kinds of corrupted processes, and the one that really freaked me out was when it found problems in C:\WINDOWS\TEMP\EXPLORER.EXE and C:\WINDOWS\TEMP\(a few letters I didn't get to write down before system reboot)\SETUP.EXE. So I let AVG terminate those and move to virus vault, but it was unable to terminate explorer.exe. This just happened again about 30 minutes ago, and about 3 minutes after I let AVG terminate the processes, I got directed to a blue screen of death, panicked and shut down using the power button. Immediately prior to that the whole windows interface had blinked and refreshed a couple times. When AVG identified problems with EXPLORER.EXE on Monday, the interface was also blinking and refreshing, but no blue screen happened.

I tried starting up windows again after that, but it took a long time, and once it started "loading personalized settings for..." Windows Mail, Internet Explorer, etc., I panicked again and shut down with the power button. I managed to reboot into safe mode after that, but afraid to try a normal boot again. (I am writing now from my desktop computer.)

I've tried running an AVG scan and a Spybot scan, both in and out of safe mode. They found some things to remove on the initial scans, but are now finding nothing and the problem still exists.

I would really appreciate any help as I am at a lost of what to do next ... and wanted to heed all the warnings about not trying any programs posted here without being advised to do so. Thank you so much for any help!

BC AdBot (Login to Remove)

 


#2 invision

invision

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 22 June 2011 - 08:17 AM

Boot into Safe mode with Networking and then follow this guide by boopme

Hello,lets first see if there is a malware here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.4.0) from Kaspersky's website

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



#3 dco9er

dco9er
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 23 June 2011 - 06:37 AM

Well, that seemed to have helped, as I went through all of last night after I ran the two programs with no google redirects and no alerts from AVG. However ... this morning I got another alert from AVG. I let AVG remove the threat it detected and after reboot it said it had terminated 6 processes, removed 4 files, and deleted 11 registry keys. Sadly I can't find a way to copy the results log so here is the best I can copy myself from the AVG log:

Threat determined to be malware.

processes terminated:
AUDIOSRV32.EXE
RGB9RAST32.EXE
netsh.exe
netsh.exe
netsh.exe
0.1629193167723415.EXE

Files deleted:
AUDIOSRV32.EXE
RGB9RAST32.EXE
AUDIOSRV32.DLL
0.1629193167723415.EXE

All registry keys deleted:
hkey_local_machine\system\currentcontrolset\services\schedule32
hkey_users\s-1-5-21-2188432765-2655440225-4149006342-1003_classes\software\ogozmckulk
hkey_users\s-1-5-21-2188432765-2655440225-4149006342-1003\software\ogozmckulk
hkey_users\s-1-5-20\software\ogozmckulk
hkey_users\s-1-5-19\software\ogozmckulk
hkey_users\.default\software\ogozmckulk
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper obects\{01ade3fd-27a1-48aa-8721-99c93c0b2130}
hkey_local_machine\software\classes\clsid\{881b1784-e879-48a8-bab9-055413759b3e}
hkey_local_machine\software\classes\clsid\{01ade3fd-27a1-48aa-8721-99c93c0b2130}
hkey_local_machine\software\classes\ogozmckulk
hkey_local_machine\software\classes\.fsharproj




And from yesterday's scans, here is the log from TDSKiller:
2011/06/22 17:30:06.0446 1916 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/22 17:30:07.0367 1916 ================================================================================
2011/06/22 17:30:07.0367 1916 SystemInfo:
2011/06/22 17:30:07.0367 1916
2011/06/22 17:30:07.0367 1916 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/22 17:30:07.0367 1916 Product type: Workstation
2011/06/22 17:30:07.0367 1916 ComputerName: DCO-PC
2011/06/22 17:30:07.0367 1916 UserName: DCo
2011/06/22 17:30:07.0367 1916 Windows directory: C:\Windows
2011/06/22 17:30:07.0367 1916 System windows directory: C:\Windows
2011/06/22 17:30:07.0367 1916 Processor architecture: Intel x86
2011/06/22 17:30:07.0367 1916 Number of processors: 2
2011/06/22 17:30:07.0367 1916 Page size: 0x1000
2011/06/22 17:30:07.0367 1916 Boot type: Safe boot with network
2011/06/22 17:30:07.0367 1916 ================================================================================
2011/06/22 17:30:09.0551 1916 Initialize success
2011/06/22 17:30:16.0695 0236 ================================================================================
2011/06/22 17:30:16.0695 0236 Scan started
2011/06/22 17:30:16.0695 0236 Mode: Manual;
2011/06/22 17:30:16.0695 0236 ================================================================================
2011/06/22 17:30:18.0583 0236 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/22 17:30:18.0645 0236 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/22 17:30:18.0786 0236 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/22 17:30:18.0833 0236 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/22 17:30:18.0864 0236 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/22 17:30:19.0051 0236 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/06/22 17:30:19.0113 0236 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/22 17:30:19.0254 0236 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/22 17:30:19.0301 0236 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/22 17:30:19.0347 0236 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/22 17:30:19.0394 0236 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/22 17:30:19.0519 0236 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/22 17:30:19.0550 0236 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/22 17:30:19.0769 0236 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/22 17:30:19.0971 0236 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/22 17:30:20.0299 0236 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/22 17:30:20.0673 0236 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/22 17:30:20.0845 0236 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/22 17:30:20.0907 0236 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/22 17:30:20.0923 0236 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/22 17:30:20.0985 0236 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/06/22 17:30:21.0126 0236 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/06/22 17:30:21.0173 0236 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/06/22 17:30:21.0235 0236 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/06/22 17:30:21.0344 0236 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/06/22 17:30:21.0438 0236 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/22 17:30:21.0563 0236 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/22 17:30:21.0687 0236 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/22 17:30:21.0765 0236 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/22 17:30:21.0890 0236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/22 17:30:21.0953 0236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/22 17:30:21.0999 0236 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/22 17:30:22.0046 0236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/22 17:30:22.0171 0236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/22 17:30:22.0187 0236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/22 17:30:22.0233 0236 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/22 17:30:22.0405 0236 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2011/06/22 17:30:22.0436 0236 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/22 17:30:22.0467 0236 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/22 17:30:22.0608 0236 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/22 17:30:22.0670 0236 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/22 17:30:22.0857 0236 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/22 17:30:22.0889 0236 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/22 17:30:22.0920 0236 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/22 17:30:22.0951 0236 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/22 17:30:22.0982 0236 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/22 17:30:23.0169 0236 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
2011/06/22 17:30:23.0232 0236 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/06/22 17:30:23.0388 0236 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/22 17:30:23.0450 0236 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/06/22 17:30:23.0606 0236 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/22 17:30:23.0669 0236 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/22 17:30:23.0840 0236 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/22 17:30:23.0918 0236 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/22 17:30:24.0121 0236 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/22 17:30:24.0199 0236 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/22 17:30:24.0355 0236 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/22 17:30:24.0402 0236 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/22 17:30:24.0449 0236 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/22 17:30:24.0589 0236 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/22 17:30:24.0620 0236 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/22 17:30:24.0651 0236 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/22 17:30:24.0714 0236 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/22 17:30:24.0854 0236 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/22 17:30:24.0885 0236 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/22 17:30:24.0948 0236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/22 17:30:25.0104 0236 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/22 17:30:25.0135 0236 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/22 17:30:25.0166 0236 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/22 17:30:25.0229 0236 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/22 17:30:25.0353 0236 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/22 17:30:25.0416 0236 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/22 17:30:25.0478 0236 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/22 17:30:25.0650 0236 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/22 17:30:25.0837 0236 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/22 17:30:25.0915 0236 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/22 17:30:26.0071 0236 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/22 17:30:26.0118 0236 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/22 17:30:26.0289 0236 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/22 17:30:26.0321 0236 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/22 17:30:26.0461 0236 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/22 17:30:26.0633 0236 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/22 17:30:26.0773 0236 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/06/22 17:30:26.0882 0236 IntcAzAudAddService (b795745f7e51aa20d46753ec5a811aca) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/22 17:30:27.0069 0236 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/22 17:30:27.0101 0236 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/22 17:30:27.0163 0236 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/22 17:30:27.0350 0236 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/22 17:30:27.0381 0236 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/22 17:30:27.0537 0236 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/06/22 17:30:27.0584 0236 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/22 17:30:27.0615 0236 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/22 17:30:27.0662 0236 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/22 17:30:27.0787 0236 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/22 17:30:27.0865 0236 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/22 17:30:27.0896 0236 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/22 17:30:27.0959 0236 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/06/22 17:30:28.0083 0236 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/22 17:30:28.0177 0236 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/22 17:30:28.0302 0236 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/22 17:30:28.0333 0236 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/22 17:30:28.0395 0236 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/22 17:30:28.0536 0236 LTXMD_VAC (834098ee53663043e94f51d8b8e2cb0e) C:\Windows\system32\drivers\lmvac.sys
2011/06/22 17:30:28.0598 0236 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/22 17:30:28.0661 0236 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/22 17:30:28.0785 0236 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/22 17:30:28.0879 0236 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/22 17:30:29.0004 0236 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/22 17:30:29.0051 0236 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/22 17:30:29.0097 0236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/22 17:30:29.0129 0236 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/22 17:30:29.0160 0236 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/22 17:30:29.0285 0236 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/22 17:30:29.0331 0236 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/22 17:30:29.0394 0236 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/22 17:30:29.0441 0236 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/22 17:30:29.0550 0236 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/22 17:30:29.0597 0236 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/22 17:30:29.0659 0236 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/22 17:30:29.0768 0236 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/06/22 17:30:29.0815 0236 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/22 17:30:29.0924 0236 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/22 17:30:30.0002 0236 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/22 17:30:30.0049 0236 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/22 17:30:30.0096 0236 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/22 17:30:30.0111 0236 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/22 17:30:30.0174 0236 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/22 17:30:30.0283 0236 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/22 17:30:30.0377 0236 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/22 17:30:30.0486 0236 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/22 17:30:30.0548 0236 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/22 17:30:30.0720 0236 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/22 17:30:30.0751 0236 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/22 17:30:30.0782 0236 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/22 17:30:30.0969 0236 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/22 17:30:30.0985 0236 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/22 17:30:31.0016 0236 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/22 17:30:31.0047 0236 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/22 17:30:31.0281 0236 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/06/22 17:30:31.0515 0236 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/22 17:30:31.0687 0236 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/22 17:30:31.0734 0236 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/22 17:30:31.0765 0236 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/06/22 17:30:31.0796 0236 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/22 17:30:31.0952 0236 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/22 17:30:32.0015 0236 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/06/22 17:30:32.0155 0236 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/22 17:30:32.0186 0236 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/22 17:30:32.0217 0236 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/22 17:30:32.0249 0236 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/22 17:30:32.0295 0236 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/22 17:30:32.0483 0236 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/22 17:30:32.0654 0236 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/22 17:30:32.0685 0236 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/22 17:30:32.0717 0236 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/22 17:30:32.0888 0236 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/22 17:30:32.0919 0236 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/22 17:30:32.0982 0236 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/22 17:30:33.0153 0236 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/22 17:30:33.0247 0236 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/22 17:30:33.0387 0236 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/22 17:30:33.0465 0236 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/22 17:30:33.0512 0236 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/06/22 17:30:33.0637 0236 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/06/22 17:30:33.0653 0236 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/06/22 17:30:33.0746 0236 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/22 17:30:33.0918 0236 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/22 17:30:33.0949 0236 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/22 17:30:33.0980 0236 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/22 17:30:34.0027 0236 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/22 17:30:34.0167 0236 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/22 17:30:34.0199 0236 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/22 17:30:34.0230 0236 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/22 17:30:34.0370 0236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/22 17:30:34.0417 0236 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/22 17:30:34.0448 0236 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/22 17:30:34.0495 0236 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/22 17:30:34.0667 0236 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/22 17:30:34.0729 0236 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/22 17:30:34.0901 0236 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/22 17:30:34.0947 0236 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/22 17:30:34.0994 0236 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/22 17:30:35.0181 0236 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/22 17:30:35.0213 0236 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/22 17:30:35.0275 0236 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/22 17:30:35.0306 0236 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/22 17:30:35.0447 0236 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/22 17:30:35.0493 0236 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/22 17:30:35.0540 0236 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/22 17:30:35.0571 0236 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/22 17:30:35.0696 0236 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/22 17:30:35.0743 0236 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/22 17:30:35.0774 0236 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/22 17:30:35.0805 0236 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/22 17:30:35.0993 0236 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/22 17:30:36.0102 0236 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/06/22 17:30:36.0289 0236 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/22 17:30:36.0383 0236 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/06/22 17:30:36.0383 0236 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/22 17:30:36.0398 0236 sptd - detected LockedFile.Multi.Generic (1)
2011/06/22 17:30:36.0554 0236 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/22 17:30:36.0632 0236 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/22 17:30:36.0648 0236 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/22 17:30:36.0804 0236 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/06/22 17:30:36.0866 0236 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/06/22 17:30:36.0897 0236 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/06/22 17:30:37.0038 0236 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
2011/06/22 17:30:37.0147 0236 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/06/22 17:30:37.0303 0236 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/22 17:30:37.0334 0236 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/22 17:30:37.0397 0236 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/22 17:30:37.0443 0236 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/22 17:30:37.0584 0236 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/22 17:30:37.0709 0236 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/22 17:30:37.0818 0236 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/22 17:30:37.0880 0236 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/22 17:30:37.0958 0236 TcUsb (58e3eb5a5c78740c5870eee6648ccc46) C:\Windows\system32\Drivers\tcusb.sys
2011/06/22 17:30:38.0083 0236 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/22 17:30:38.0161 0236 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/22 17:30:38.0192 0236 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/22 17:30:38.0317 0236 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/22 17:30:38.0379 0236 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys
2011/06/22 17:30:38.0442 0236 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/22 17:30:38.0567 0236 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/22 17:30:38.0598 0236 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/22 17:30:38.0645 0236 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/22 17:30:38.0691 0236 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/22 17:30:38.0816 0236 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/22 17:30:38.0879 0236 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/22 17:30:38.0925 0236 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/22 17:30:39.0066 0236 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/22 17:30:39.0113 0236 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/22 17:30:39.0191 0236 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/22 17:30:39.0315 0236 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/06/22 17:30:39.0409 0236 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/22 17:30:39.0440 0236 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/22 17:30:39.0549 0236 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/22 17:30:39.0596 0236 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/22 17:30:39.0659 0236 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/22 17:30:39.0783 0236 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/22 17:30:39.0846 0236 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/22 17:30:39.0908 0236 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/22 17:30:40.0049 0236 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/22 17:30:40.0080 0236 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/22 17:30:40.0158 0236 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/22 17:30:40.0267 0236 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/22 17:30:40.0329 0236 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/22 17:30:40.0376 0236 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/22 17:30:40.0470 0236 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/22 17:30:40.0532 0236 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/22 17:30:40.0595 0236 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/22 17:30:40.0673 0236 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/22 17:30:40.0751 0236 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/22 17:30:40.0829 0236 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/22 17:30:40.0875 0236 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/22 17:30:40.0891 0236 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/22 17:30:41.0063 0236 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/22 17:30:41.0156 0236 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/22 17:30:41.0390 0236 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/22 17:30:41.0515 0236 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/22 17:30:41.0687 0236 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/22 17:30:41.0827 0236 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/22 17:30:41.0952 0236 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/22 17:30:42.0108 0236 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/22 17:30:42.0155 0236 MBR (0x1B8) (036d4ebb79e13e67e78acf2dab65bcc3) \Device\Harddisk0\DR0
2011/06/22 17:30:42.0170 0236 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/22 17:30:42.0170 0236 ================================================================================
2011/06/22 17:30:42.0170 0236 Scan finished
2011/06/22 17:30:42.0170 0236 ================================================================================
2011/06/22 17:30:42.0186 1988 Detected object count: 2
2011/06/22 17:30:42.0186 1988 Actual detected object count: 2
2011/06/22 17:32:07.0699 1988 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/22 17:32:07.0751 1988 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/22 17:32:07.0751 1988 \Device\Harddisk0\DR0 - ok
2011/06/22 17:32:07.0752 1988 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/22 17:32:49.0776 1724 Deinitialize success


And here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6922

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19088

6/22/2011 6:02:54 PM
mbam-log-2011-06-22 (18-02-54).txt

Scan type: Quick scan
Objects scanned: 163410
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Otofokuqi (Trojan.Agent.U) -> Value: Otofokuqi -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\DCo\AppData\Local\WILSVCOG.DLL (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.



Thanks so much for the help and let me know what I can do next!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 28 June 2011 - 12:02 PM

Hello, sorry you got stranded. If you are still redirecting please do these,

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.


Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dco9er

dco9er
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 28 June 2011 - 10:26 PM

Thanks so much for the followup and all the help.

I followed all the instructions as directed ... but sadly I am still getting google redirects. :(

Here is the SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2011 at 11:09 PM

Application Version : 4.54.1000

Core Rules Database Version : 7349
Trace Rules Database Version: 5161

Scan type : Complete Scan
Total Scan Time : 00:42:09

Memory items scanned : 302
Memory threats detected : 0
Registry items scanned : 10055
Registry threats detected : 1
File items scanned : 37405
File threats detected : 569

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
bannerfarm.ace.advertising.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
cdn.euroclick.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
cdn2.themis-media.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
cdn4.specificclick.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
convoad.technoratimedia.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
ds.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
googleads.g.doubleclick.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
ia.media-imdb.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
interclick.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
m1.2mdn.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
macromedia.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.mtvnservices.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.mtvu.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.resulthost.org [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.scanscout.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.tattomedia.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media.underarmour.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media01.kyte.tv [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
media1.break.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
msnbcmedia.msn.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
oddcast.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
pornotube.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
s0.2mdn.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
secure-us.imrworldwide.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
serving-sys.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
spe.atdmt.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
static.2mdn.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
static.sunporno.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
udn.specificclick.net [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
videomedia.ign.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.gotgayporn.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.naiadsystems.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.nakedkombat.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.pornerbros.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.pornhub.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
www.pornotube.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
yo.static.presidiomedia.com [ C:\Users\DCo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B2EKJWLX ]
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@ad.yieldmanager[3].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@advertising[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@ads.intergi[1].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@ads.nexon[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@ad.wsod[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@ad.yieldmanager[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@apmebf[1].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@dmtracker[1].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@in.getclicky[1].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@imrworldwide[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@mediaplex[2].txt
C:\Users\DCo\AppData\Roaming\Microsoft\Windows\Cookies\dco@questionmarket[1].txt
.imrworldwide.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.lucidmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adxpose.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
adserving.versaneeds.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.network.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.specificclick.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.specificclick.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.specificclick.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.specificclick.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ads2.qsoft.co.uk [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.myaccount.onlygng.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
myaccount.onlygng.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.extrovert.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adinterax.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adinterax.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
stat.onestat.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.andomedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.edge.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.edge.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.timeinc.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
counters.gigya.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.kontera.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.skyscanner.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.skyscanner.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.skyscanner.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.skyscanner.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.skyscanner.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.farecastcom.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.socialmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.mm.chitika.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.themis-media.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.kontera.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.kontera.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media.mtvnservices.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.media.mtvnservices.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
caloriecount.about.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
caloriecount.about.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.caloriecount.about.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.caloriecount.about.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adlegend.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adlegend.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
beacon.dmsinsights.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
beacon.dmsinsights.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.bellglobemediapublishing.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
wstat.wibiya.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.viewablemedia.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.game-advertising-online.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.evite.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
advertising.sheknows.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.usatoday1.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
bookit.advertserve.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.roiservice.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.sportingnews.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.petfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.petfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.petfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.petfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.findaboutpets.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.findaboutpets.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.lucidmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.foxinteractivemedia.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
s05.flagcounter.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.mixxx.org [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.www.mixxx.org [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.mixxx.org [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.mixxx.org [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
track.vipgamesnetwork.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.lucidmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
tracking.waterfrontmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.equityresidential.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.networkcommunications2.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
stats.camdenliving.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.apartmentfinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.dominionenterprises.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.ajchomefinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.homes.ajchomefinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.homes.ajchomefinder.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
d.mediadakine.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
bridge1.admarketplace.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
myaccount.onlygng.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.hearstugo.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.xiti.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.walmart.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.lfstmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.tracking.dsmmadvantage.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.sonyonlineentertainment.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.c.gigcount.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.eventbrite.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.azjmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.azjmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.perypeecomm.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
api.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
api.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
data.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
data.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
data.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.skyscanner.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.msnbc.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
uk.sitestat.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.theclickcheck.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.theclickcheck.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.associatedcontent.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.trackimizer.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.trackimizer.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.pointroll.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.shopica.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ar.atwola.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.advertise.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.realmedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.kontera.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.medhelpinternational.112.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
www.find-quick-results.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.steelhousemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.steelhousemedia.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.overture.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.rtst.122.2o7.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
accounts.youtube.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ad.yieldmanager.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
ad.yieldmanager.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.pro-market.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.ru4.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.revsci.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.collective-media.net [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
.adbrite.com [ C:\Users\DCo\AppData\Roaming\Mozilla\Firefox\Profiles\r0pt34n4.default\cookies.sqlite ]
crackle.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
ds.serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
media.scanscout.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
media1.break.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
s0.2mdn.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDQ3VGD ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pureleads[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@counters.gigya[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apartmentfinder[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kontera[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekfinds[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media.adfrontiers[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.bighealthtree[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@view.atdmt[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adlegend[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.shorttail[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@educationcom.112.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hc2.humanclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c.gigcount[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.findeven[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.toseeking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@technoratimedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ehg-wss.hitbox[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@earthlink.122.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@beacon.dmsinsights[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sales.liveperson[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.ask[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uiadserver[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crackle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@travelcomau.112.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.financialcontent[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media.contextweb[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@andomedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.e-planning[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p221t1s4476638.kronos.bravenetmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ar.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media.contextweb[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fisherinvestments.112.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksfind[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.iad.liveperson[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.adk2[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.findsearchengineresults[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.bridgetrack[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@miva.cinomedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3dclicktracker[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r1-ads.ace.advertising[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda.at.atwola[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.boltfind[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ehg-players.hitbox[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksthe[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksthis[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clickcheer[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.findsmy[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.321findit[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.mail[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-quick-results[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p431t1s4594980.kronos.bravenetmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserv.rotator.hadj7.adjuggler[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liveperson[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.orfind[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstbeacon[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a1.interclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bestdatafind[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lfstmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.clickpayz[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.search312[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thespecialsearch[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@homestore.122.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickbank[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn1.trafficmp[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hitbox[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interchangecorporation.122.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.realmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.realmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.networkadvertising[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.cpmstar[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statse.webtrendslive[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.amazeclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.apartmentfinder[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart.digomedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickthrough.kanoodle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thinkavenue[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.hippofind[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 28 June 2011 - 10:36 PM

Your welcome! This is quick,see if it stops it.
Are you on a router and the only machine on it? If not do the others redirect?



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 dco9er

dco9er
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 06 July 2011 - 09:01 PM

I missed this reply for a few days - my mistake!

It looks like the GooredFix got rid of it! Thank you so much!!!

I will attach the log in case the info is still useful:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 07:22 on 06/07/2011 (DCo)
Firefox version 3.6.18 (en-US)

========== GooredScan ==========

Deleting "C:\Users\DCo\Application Data\Mozilla\Firefox\Profiles\r0pt34n4.default\extensions\{62f6e050-d22c-4cc6-b025-0841f74d985a}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8401E949-6B76-4E3B-B6F8-31BD66DEB1AC} -> Success!
Deleting C:\Users\DCo\AppData\Local\{8401E949-6B76-4E3B-B6F8-31BD66DEB1AC} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:10 12/07/2008]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [00:16 09/03/2011]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:02 06/12/2008]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [23:32 15/01/2011]

C:\Users\DCo\Application Data\Mozilla\Firefox\Profiles\r0pt34n4.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [00:11 16/11/2010]
{3205B348-523A-4fac-9BC4-9939CBF583B0} [02:30 05/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:20 22/09/2010]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [12:01 29/05/2011]

-=E.O.F=-

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 06 July 2011 - 09:39 PM

You're welcome!!! If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users