
Infected with password stealer w32/Pws.BXEF


  • This topic is locked
36 replies to this topic

#1 bocawork

bocawork

  • Members
  • 19 posts

Posted 25 July 2011 - 11:01 AM

Hi,

My Command Anti-Malware indicates I have a password stealer called W32/Pws.BXEF located in the object Uninstall.exe.

It claims there is an exact match but it is unable to delete or quarantine the file.

I have run both Malwarebytes and SuperAntiSpyware but it is still on my machine. It appears to try and load constantly.

I tried to remove it using HijackThis, as it shows up in the log file, but it did not seem to work in normal or safe mode. Below is the log file.

Any suggestions?

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:19 AM, on 7/22/2011
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Authentium\CSAM5\avrpts.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\CSSPrepAgentNT.Exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\WINNT\StartupMonitor.exe
C:\WINNT\System32\mdm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AUTHEN~1\CSAM5\avtray.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega QuikSync 3\quiksync3.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.2:80
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\MIKE B\Application Data\Mozilla\Profiles\default\ccs26mf3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MIKE B\Application Data\Mozilla\Profiles\default\ccs26mf3.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RAMpage] "C:\Program Files\RAMpage\RAMpage.exe" U=15 M=100 T=20 P="C:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [CSSLogon] CSSLogonNT.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CSAM5 tray] C:\PROGRA~1\AUTHEN~1\CSAM5\avtray.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: uninstall.exe
O4 - Global Startup: Iomega QuikSync 3.lnk = C:\Program Files\Iomega QuikSync 3\quiksync3.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: http://www.cbs.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.lorexglobal.com/see/push03.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/074d4f8477417fd81c15/netzip/RdxIE601.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265838381984
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} (LinksysViewer Control) - http://www.blkr.linksys-cam.com/img/LinksysViewer.cab
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: CSAM5 Reporting Service (avrpts) - Authentium, Inc - C:\Program Files\Authentium\CSAM5\avrpts.exe
O23 - Service: CSS Prep Agent (CSS PrepAgent) - Unknown owner - C:\WINNT\CSSPrepAgentNT.Exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\iomegaaccess.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINNT\PSEXESVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: vseamps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 7655 bytes
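An added example, not part of any post in this thread and not code from HijackThis or BleepingComputer: a Python triage pass over HijackThis autostart lines (O4 Run/Startup and O23 services) like those in the log above. The three rules and their names are assumptions chosen for illustration; a flagged line is a candidate for closer review, not a verdict.

```python
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the HijackThis log in the
# first post, covering each line shape the rules below look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [CSSLogon] CSSLogonNT.Exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: uninstall.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: CSS Prep Agent (CSS PrepAgent) - Unknown owner - C:\WINNT\CSSPrepAgentNT.Exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINNT\PSEXESVC.EXE
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
"""

Finding = namedtuple("Finding", "rule line")

# O4 registry autostart: "O4 - <key>: [value name] command line"
RUN_RE = re.compile(
    r'^O4 - (?P<key>HK[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O4 Startup folder: "O4 - Startup: item" or "O4 - Global Startup: item.lnk = target"
STARTUP_RE = re.compile(
    r'^O4 - (?P<scope>(?:Global )?Startup): (?P<item>.+?)(?: = (?P<target>.+))?$')
# O23 service: "O23 - Service: display name - owner - image path"
SERVICE_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.+)$')


def executable_of(cmd):
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return Findings for autostart lines that match one of three review rules.

    Rules (assumptions made for this example):
      startup-folder-file   - a file sits directly in a Startup folder instead
                              of a .lnk shortcut pointing at an installed program
      run-bare-filename     - a Run value names a program without a directory,
                              so the file that actually loads depends on the
                              search path
      service-unknown-owner - HijackThis printed "Unknown owner" for the
                              service binary
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            item = m.group("item").lower()
            if m.group("target") is None and not item.endswith(".lnk"):
                findings.append(Finding("startup-folder-file", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if "\\" not in executable_of(m.group("cmd")):
                findings.append(Finding("run-bare-filename", line))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("owner").strip().lower() == "unknown owner":
            findings.append(Finding("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```
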


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts

Posted 04 August 2011 - 11:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411173 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts

Posted 04 August 2011 - 04:17 PM

Hi,

My system is a 32 bit Windows 2000 Professional 5.00.2195 with Service Pack 4.

Attached is the DDS log. I ran the GMER tool and, after what looked like a rootkit activity message, got the Blue Screen of Death. Should I try again?

Thanks

Attached Files

  • Attached File  DDS.txt   11.31KB   7 downloads


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 07 August 2011 - 12:23 PM

Hello bocawork,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts

Posted 08 August 2011 - 04:23 PM

Hi Fireman4it,

Thanks for your help on this.

Tried running TDSS Rootkit and I got the Blue screen of death again. So I tried running it in Safe Mode and it reset the computer.

Should I try the ComboFix part or do something else?

Thanks

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 08 August 2011 - 05:28 PM

Yes, please try the ComboFix part.


#7 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts

Posted 09 August 2011 - 08:54 AM

Hi,

Combo fix did run. I did get a message that I need to increase the max size of my registry. And then there was a message that a registry file could not be opened. However, the printer did reset and a log was created. I still got the error message on reset which seems to be caused by the password stealer - uninstall.exe. I have included that screenshot as well.

Attached Files



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 09 August 2011 - 05:05 PM

Hello,


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


3.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *internat.exe*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

4.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\winnt\system32\drivers\79877520.sys
c:\winnt\system32\drivers\80110576.sys
c:\winnt\PSEXESVC.EXE

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Things to include in your next reply:
aswMBR log
Rootkit Unhooker log
Jotti results


#9 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts

Posted 10 August 2011 - 04:02 PM

Hi Fireman,

Attached is the aswMBR log.

Both RKU and SystemLook had application error messages come up and would not run. I have attached the error messages as well.

Jotti reported no malware issues with the 79877520 or PSEXESVC files. I could not locate the 80110576.sys file in the directory you listed nor in a general search.

Sorry for these incomplete results....

Attached Files



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 10 August 2011 - 04:17 PM

1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Things to include in your next reply:

MBAM log
SAS log
How is your machine running now?


#11 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts

Posted 12 August 2011 - 08:34 AM

Hi,

Here are the log files.

The startup error message about the Uninstall.exe file still occurs. This file was identified by Command AntiMalware as being a password stealer. It appears in the C:\Documents and Settings\All Users\Start Menu\Programs\Startup directory after every restart but it shows a size of 0. It can only be deleted in Safe Mode but always comes back.
Attached is the directory list showing the file (uninstall.doc). Maybe it really isn't a problem???



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7435

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

8/11/2011 12:10:21 PM
mbam-log-2011-08-11 (12-10-21).txt

Scan type: Quick scan
Objects scanned: 145259
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2011 at 06:08 PM

Application Version : 5.0.1116

Core Rules Database Version : 7443
Trace Rules Database Version: 5255

Scan type : Complete Scan
Total Scan Time : 00:17:25

Operating System Information
Windows 2000 Professional 32-bit, Service Pack 4 (Build 5.00.2195)
Administrator

Memory items scanned : 203
Memory threats detected : 0
Registry items scanned : 31874
Registry threats detected : 0
File items scanned : 10427
File threats detected : 246

Adware.Tracking Cookie

Attached Files



#12 fireman4it


Posted 12 August 2011 - 07:25 PM

Hello,

Let's go ahead and have that file looked at by Jotti.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uninstall.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Edited by fireman4it, 12 August 2011 - 07:25 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#13 bocawork


Posted 15 August 2011 - 08:09 AM

Hi Fireman,

I tried to submit the file to Jotti (see attachment) but it comes back and says 'no file uploaded'. I thought it might be because the file had no size but now it is 412KB. Very strange.

#14 fireman4it


Posted 15 August 2011 - 04:16 PM

Hello,

Go ahead and try to upload the file again to Jotti. If that doesn't work, try using the alternate, VirusTotal.


#15 bocawork


Posted 16 August 2011 - 09:00 AM

Hi,

It wasn't that Jotti was busy but somehow the malware was not letting the file be uploaded. So I ran Jotti in Safe Mode and 16 of 19 scanners reported it as malware. I captured the screenshot but it is too big to attach. It says I have used 500k of my 512k global upload quota??? How should I send you the results?
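Added example, not part of any post in this thread: a small Python triage of a Startup folder that records each file's size, whether it begins with the `MZ` executable header, and its SHA-256, giving a text result that can be pasted into a reply or searched by hash on VirusTotal when an upload or screenshot will not go through. The function names, the "executable directly in Startup" heuristic and the sample files are assumptions made for the example; the sample files are constructed stubs, not the file from this topic.

```python
import hashlib
import os
import tempfile


def triage_startup(folder):
    """Return one record per regular file in `folder`, sorted by name."""
    records = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            head = fh.read(2)            # "MZ" marks a DOS/PE executable image
            digest.update(head)
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        is_pe = head == b"MZ"
        records.append({
            "name": name,
            "size": os.path.getsize(path),
            "is_pe": is_pe,
            "sha256": digest.hexdigest(),
            # Heuristic (assumption): Startup folders normally hold .lnk
            # shortcuts, so a raw executable there deserves a second look.
            "review": is_pe,
        })
    return records


def demo():
    """Build a constructed Startup folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "uninstall.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)   # constructed stub, not a real sample
        with open(os.path.join(tmp, "Office.lnk"), "wb") as fh:
            fh.write(b"L\x00\x00\x00")       # constructed shortcut-like header
        with open(os.path.join(tmp, "empty.exe"), "wb"):
            pass                             # zero-byte file: nothing to scan
        return triage_startup(tmp)


if __name__ == "__main__":
    for rec in demo():
        flag = "REVIEW" if rec["review"] else "ok"
        print(f'{flag:6} {rec["size"]:>8} {rec["sha256"]} {rec["name"]}')
```

Running it twice and comparing the size and hash columns also shows whether a file is being rewritten between checks.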