Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Occasional BSOD (oh noes!)


  • Please log in to reply
4 replies to this topic

#1 daria723

daria723

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 31 July 2011 - 02:27 PM

So...

I have a Dell 600m machine running Windows XP Service Pack 3 and I think it's on its last legs. I'm nostalgic, though, and it's been so good to me that I don't want to buy a new one until it really craps out. So here's my issue:

About two months ago I upgraded the memory from 512MB to 2GB (Patriot PC2700 333mhz), and it seemed to work great. I replaced both slots from 256 to 1 gig, but ever since, I get an occasional BSOD, like every month or so. They aren't always the same thing. The only thing I've installed since this memory upgrade is Google Chrome, but I installed it after I had gotten a few blue screens already so I don't think it is my only problem. I can't find any malware and I ran diagnostic memory tests using Dell's utility but it didn't find anything wrong. Yesterday, I got three blue screens and so ran memtest86+ for 7 passes but it found no errors. So following the instructions in another forum post, I got debugging tools for windows and analyzed a few .dmp files from yesterday in the Minidump folder on my machine.

Here's what I got:



***** Last Crash *********

Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini073011-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.101209-1647
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b240
Debug session time: Sat Jul 30 20:52:19.555 2011 (UTC - 7:00)
System Uptime: 0 days 0:52:21.781
Loading Kernel Symbols
...............................................................
................................................................
.............Unable to add module at ab401000
.Unable to add module at ab3c0000

Loading User Symbols
Loading unloaded module list
............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {ffffff84, 0, bf89a934, 0}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!UpdateAsyncKeyState+bd )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffff84, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf89a934, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: ffffff84

FAULTING_IP:
win32k!UpdateAsyncKeyState+bd
bf89a934 8b4284 mov eax,dword ptr [edx-7Ch]

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: csrss.exe

LAST_CONTROL_TRANSFER: from bf89b317 to bf89a934

STACK_TEXT:
b6663918 bf89b317 e2192a78 8a59aee4 00008000 win32k!UpdateAsyncKeyState+0xbd
b6663978 bf89bbeb 00008059 b6660015 002ff091 win32k!xxxKeyEvent+0x21c
b66639ac bf86dd77 b6663959 00000000 00000000 win32k!xxxProcessKeyEvent+0x221
b66639ec bf86e880 e1ba5b00 59ba5b10 00000001 win32k!ProcessKeyboardInputWorker+0x24d
b6663a0c bf8ba55e e1ba5b10 8a56dda8 b6663a64 win32k!ProcessKeyboardInput+0x68
b6663a1c 804f1728 e1ba5b10 e1ba5b38 00000000 win32k!InputApc+0x4e
b6663a64 804ecaf9 00000000 00000000 00000000 nt!KiDeliverApc+0x124
b6663a7c 804e3b8d 804dcbe4 00000001 00000000 nt!KiSwapThread+0x64
b6663ab4 bf88311f 00000007 8a87baf8 00000001 nt!KeWaitForMultipleObjects+0x284
b6663d30 bf8b8f3f b6673490 00000002 b6663d54 win32k!RawInputThread+0x4f3
b6663d40 bf801112 b6673490 b6663d64 0070fff4 win32k!xxxCreateSystemThreads+0x60
b6663d54 804de7ec 00000000 00000022 00000000 win32k!NtUserCallOneParam+0x23
b6663d54 7c90e514 00000000 00000022 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!UpdateAsyncKeyState+bd
bf89a934 8b4284 mov eax,dword ptr [edx-7Ch]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!UpdateAsyncKeyState+bd

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4de797d3

FAILURE_BUCKET_ID: 0x50_win32k!UpdateAsyncKeyState+bd

BUCKET_ID: 0x50_win32k!UpdateAsyncKeyState+bd

Followup: MachineOwner
---------




***** Previous Crash (also yesterday) *******



Loading Dump File [C:\WINDOWS\Minidump\Mini073011-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.101209-1647
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b240
Debug session time: Sat Jul 30 16:35:02.111 2011 (UTC - 7:00)
System Uptime: 17 days 13:13:28.658
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {7f01, 2, 1, 8000b856}

Probably caused by : ntoskrnl.exe ( nt!KiSwapThread+46 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00007f01, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8000b856, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 00007f01

CURRENT_IRQL: 2

FAULTING_IP:
+bb
8000b856 2000 and byte ptr [eax],al

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from 804dc0f7 to 8000b856

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
ae0d6974 804dc0f7 00ff0000 8900f600 80673b8d 0x8000b856
ae0d69f4 804e619d 00006d64 00000000 ae0d6a24 nt!KiSwapThread+0x46
ae0d6cdc 804e4949 00000000 89759808 00000000 nt!KiContinuePreviousModeUser+0x74
ae0d6cfc ae0d6d54 89008fd8 00100002 e1758440 nt!KeReleaseMutant+0xbb
ae0d6d10 00710000 89759808 00e60002 00000000 0xae0d6d54
ae0d6d14 89759808 00e60002 00000000 00000002 0x710000
ae0d6d18 00e60002 00000000 00000002 01000000 0x89759808
ae0d6d1c 00000000 00000002 01000000 00006d64 0xe60002


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiSwapThread+46
804dc0f7 84c0 test al,al

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiSwapThread+46

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4d00dbda

FAILURE_BUCKET_ID: 0xD1_nt!KiSwapThread+46

BUCKET_ID: 0xD1_nt!KiSwapThread+46

Followup: MachineOwner
---------



Any assistance would be greatly appreciated! But if you tell me I just need to move on and move up, that's okay too...

Edited by daria723, 31 July 2011 - 02:31 PM.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:09 PM

Posted 31 July 2011 - 02:42 PM

We need to know more about your BSODs...

Download BlueScreenView (in Zip file)

No installation required.

Unzip downloaded file and double click on BlueScreenView.exe file to run the program and When scanning is done, go to Edit > Select All.

Then go to File > Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Compliments of Broni

#3 daria723

daria723
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 31 July 2011 - 03:11 PM

==================================================
Dump File : Mini073011-03.dmp
Crash Time : 7/30/2011 8:53:31 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xffffff84
Parameter 2 : 0x00000000
Parameter 3 : 0xbf89a934
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+9a934
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
Processor : 32-bit
Crash Address : win32k.sys+9a934
Stack Address 1 : win32k.sys+9b317
Stack Address 2 : win32k.sys+9bbeb
Stack Address 3 : win32k.sys+6dd77
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini073011-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini073011-02.dmp
Crash Time : 7/30/2011 5:54:53 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000000
Parameter 2 : 0x887fe84a
Parameter 3 : 0x00000000
Parameter 4 : 0xad869cbc
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini073011-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini073011-01.dmp
Crash Time : 7/30/2011 4:35:45 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00007f01
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8000b856
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini073011-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini052911-01.dmp
Crash Time : 5/29/2011 6:51:36 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0394a8c
Parameter 2 : 0xc0000102
Parameter 3 : 0xe52a3008
Parameter 4 : 0x5ea4d900
Caused By Driver : hal.dll
Caused By Address : hal.dll+103c
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c846
Stack Address 1 : ntoskrnl.exe+4adf1
Stack Address 2 : ntoskrnl.exe+222b0
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini052911-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini052711-01.dmp
Crash Time : 5/27/2011 7:27:37 PM
Bug Check String : ACPI_BIOS_ERROR
Bug Check Code : 0x000000a5
Parameter 1 : 0x00000011
Parameter 2 : 0x00000006
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini052711-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini011010-01.dmp
Crash Time : 1/10/2010 8:35:55 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x806ed134
Parameter 3 : 0xf8bd1c28
Parameter 4 : 0xf8bd1924
Caused By Driver : hal.dll
Caused By Address : hal.dll+1134
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : hal.dll+1134
Stack Address 1 : fltMgr.sys+17808
Stack Address 2 : fltMgr.sys+18d56
Stack Address 3 : fltMgr.sys+b5f7
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011010-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini072408-01.dmp
Crash Time : 7/24/2008 5:50:32 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x8227c910
Parameter 3 : 0x8227ca84
Parameter 4 : 0x805fa160
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c54e
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c54e
Stack Address 1 : ntoskrnl.exe+155623
Stack Address 2 : ntoskrnl.exe+12311e
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini072408-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini021808-01.dmp
Crash Time : 2/17/2008 6:50:22 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xfffffff8
Parameter 2 : 0x00000000
Parameter 3 : 0xf6eb8552
Parameter 4 : 0x00000000
Caused By Driver : Fastfat.SYS
Caused By Address : Fastfat.SYS+b552
File Description : Fast FAT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : Fastfat.SYS+b552
Stack Address 1 : Fastfat.SYS+b90f
Stack Address 2 : Fastfat.SYS+1ebf1
Stack Address 3 : Fastfat.SYS+b07e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini021808-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================


Thanks!

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:09 PM

Posted 31 July 2011 - 03:12 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTEMalwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.

      Scan with SUPERAntiSpyware as follows:[list]
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#5 daria723

daria723
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 31 July 2011 - 06:58 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/31/2011 2:38:28 PM
mbam-log-2011-07-31 (14-38-28).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 246281
Time elapsed: 1 hour(s), 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} (Adware.ISTBar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\ALZALZ.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ALZZip.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.


____


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2011 at 04:30 PM

Application Version : 4.56.1000

Core Rules Database Version : 7493
Trace Rules Database Version: 5305

Scan type : Complete Scan
Total Scan Time : 01:41:22

Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 7374
Registry threats detected : 0
File items scanned : 30501
File threats detected : 378

Adware.Tracking Cookie
C:\Documents and Settings\Lauren\Cookies\lauren@35487201[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@clickability[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@4505320[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.jolinko[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@partner2profit[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@creativeby.viewpoint[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@roiservice[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@www.lyricsmedia[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adserver.easyad[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@socialmedia[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@icc.intellisrv[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.urbandictionary[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@svd.112.2o7[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adopt.euroclick[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@internet[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@insightexpresserdd[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@cgi-bin[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adfarm1.adition[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@fastclick[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@revsci[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@S005-01-9-7-276422-102035[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@acronymfinder[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@track.adform[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@feed.peakclick[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adserv.quality-channel[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@interclick[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@richmedia.yahoo[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@s.clickability[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@focalex[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adv.webmd[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@citi.bridgetrack[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adinterax[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@insightexpressai[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@mediaonenetwork[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adserver.adtechus[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1072720260[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@oddcast[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@insightxe.di[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@m1.webstats4u[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.monster[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@kanoodle[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@112.2o7[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.realcastmedia[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@valueclick[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1071953258[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@www.friendcount[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adverts.digitalspy.co[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@insightxe.hd[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ad.admarketplace[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.realtechnetwork[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@www.entrepreneur[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@media.sensis.com[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@sensismediasmart.com[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@www.switch-media-group[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1072446827[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@media.theage.com[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@entrepreneur.us.intellitxt[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1068632757[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@pt.crossmediaservices[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@atdmt[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@sifomedia.hd[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@specificmedia[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@ad[3].txt
C:\Documents and Settings\Lauren\Cookies\lauren@www.centurymedia[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1072735109[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@us.puretracks[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@bfast[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1070500133[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@adsby.webtraffic[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@a1.interclick[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@vhost.oddcast[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1072190459[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@optimize.indieclick[2].txt
C:\Documents and Settings\Lauren\Cookies\lauren@1070660350[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@tribalfusion[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@abb[1].txt
2mdn.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
acvs.mediaonenetwork.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
adimages.scrippsnetworks.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
adknowledge.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
atdmt.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
broadcast.piximedia.fr [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
cache.specificmedia.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
cdn1.eyewonder.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
convoad.technoratimedia.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
core.insightexpressai.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
ds.serving-sys.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
ec.atdmt.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
i.adultswim.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
ia.media-imdb.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
interclick.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
m1.2mdn.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
m1.au.2mdn.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.entertonement.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.gamespy.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.mtvnservices.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.nbcchicago.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.scanscout.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.tattomedia.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media.thewb.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media01.kyte.tv [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
media1.break.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
msnbcmedia.msn.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
objects.tremormedia.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
piximedia.fr [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
pointroll.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
s0.2mdn.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
spe.atdmt.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
speed.pointroll.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
static.2mdn.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
static.youporn.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
stmedia.startribune.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
track.webgains.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
uclick.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
udn.specificclick.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
vmixmedia-0.vo.llnwd.net [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
web.adknowledge.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
worldlingomedia.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
www.adultswim.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
www.sexandthecitymovie.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
www.switch-media-group.com [ C:\Documents and Settings\Lauren\Application Data\Macromedia\Flash Player\#SharedObjects\AVZNLKHW ]
C:\Documents and Settings\Lauren\Cookies\lauren@media_player[1].txt
.mediaplex.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.getclicky.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.static.getclicky.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
s07.flagcounter.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
va.px.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.rainbowmedia.122.2o7.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.r1-ads.ace.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
tribune.services.rainbow-media.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.anrtx.tacoda.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnbc.112.2o7.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
wstat.wibiya.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaelites.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaelites.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaelites.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaelites.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
mediaelites.sitetracker.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
mediaelites.sitetracker.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
login.tracking101.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
counter.hitslink.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediadecoder.blogs.nytimes.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediadecoder.blogs.nytimes.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
mediadecoder.blogs.nytimes.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adtechus.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
service.liveperson.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.almamedia.fi [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.almamedia.fi [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas3.emediate.se [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas3.emediate.se [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
eas.almamedia.fi [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ar.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
network.realmedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.solvemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.solvemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
track.napprd.netshelter.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\Lauren\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]


___



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-31 16:54:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541060G9AT00 rev.MB3OA61A
Running: tlf5o673.exe; Driver: C:\DOCUME~1\Lauren\LOCALS~1\Temp\fwdyapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEB3FBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEB3FA5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEBBF902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users