Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirecting problem on google, etc.


  • Please log in to reply
10 replies to this topic

#1 suitexpee36

suitexpee36

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:01 AM

Posted 02 August 2011 - 10:39 AM

I've been experiencing problems for the past few months now where I use Google and every link I click on redirects me to a completely different site. In order for me to even access the site I have to copy and paste the link into the address. My computer is very slowly even though there's not a lot of information on it, only a few games, maybe 1000 pictures, and music I've downloaded from Limewire/Frostwire. Whenever my computer loads, it tries to download 'Solution Center,' but then says I need the disk to finish it (which I have no recollection of having.) Also something that seems weird, anytime I turn on the computer a completely different log in screen asks me for my password. It's a black background with a blue screen/white letters, and then it lets me onto the normal login screen, with my picture and names, to enter my password AGAIN.

I've already tried downloading McAfee Total Protection (I paid 75$ for it) and it seemed to help only a little for making my computer faster and fixing some earlier problems where I couldn't use anything when I started it up. I've tried creating a new username which only made loading the home screen faster, but I still have all the original problems. I've tried disabling Javascripts which seemed to work for a little while with the redirecting, but it no longer works. I also tried only using Mozilla Firefox (I heard somewhere it's a safer browser) with no results.

That's about as much detail as I can think of, and if anyone could help me I would GREATLY appreciate it! If there's any other information you need, feel free to ask. Thank you

Edited by hamluis, 02 August 2011 - 10:45 AM.
Changed font, moved from XP to Am I infected..


BC AdBot (Login to Remove)

 


#2 shreyas1995

shreyas1995

  • Banned
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 02 August 2011 - 12:20 PM

Lets perform some scans untill someone frome the bc staff arrivies:

Welcome aboardPosted Image


*download hitman pro from here:
http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html

*double click on the saved file.

*It will update automatically by showing up a window.

*click next.

*under the next tab,click default scan.

*come back here with results.do not take any action untill told to do so.


THEN

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:01 AM

Posted 02 August 2011 - 11:17 PM

Hi suitexpee36,


Please be advised that:

As this is an open area, available for any member to post in, please use caution when following the advice given. Instructions from the following member groups is to be considered trusted:
Admin | Site Admin | Global Moderator | Moderator | Malware Study Hall Admin | Malware Response Instructor | Malware Response Team | BC Advisor

Other trusted helpers include Malware Study Hall Junior and Malware Study Hall Senior with "Member of the Bleeping Computer A.I.I. early response team!" in their signature.


From this topic: http://www.bleepingcomputer.com/forums/topic182397.html

 

Do you still need help? If so, continue to follow these instructions:

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

:step1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go . Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

:step2: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

:step3: Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

:step4: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • SUPERAntiSpyware log
  • GMER log
  • How's the computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#4 shreyas1995

shreyas1995

  • Banned
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 03 August 2011 - 01:38 AM

well,we are allowed to post here under certain restrictions:

forum topic:

http://www.bleepingcomputer.com/forums/topic383782.html

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:01 AM

Posted 03 August 2011 - 10:40 AM

well,we are allowed to post here under certain restrictions:

forum topic:

http://www.bleepingcomputer.com/forums/topic383782.html


I never said you weren't allowed to post here. I just advised suitexpee36 that the only trusted advice given in the Am I Infected forum comes from: Admin | Site Admin | Global Moderator | Moderator | Malware Study Hall Admin | Malware Response Instructor | Malware Response Team | BC Advisor

Other trusted helpers include Malware Study Hall Junior and Malware Study Hall Senior with "Member of the Bleeping Computer A.I.I. early response team!" in their signature.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#6 shreyas1995

shreyas1995

  • Banned
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 04 August 2011 - 01:00 AM

well,i am sorry...

#7 suitexpee36

suitexpee36
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:01 AM

Posted 14 September 2011 - 01:46 PM

MiniToolBox by Farbar 

Ran by Jake (administrator) on 14-09-2011 at 14:41:04

Windows Vista (TM) Home Premium Service Pack 1 (X86)



***************************************************************************



========================= IE Proxy Settings: ============================== 



Proxy is not enabled.

No Proxy Server is set.



========================= FF Proxy Settings: ============================== 



========================= Hosts content: =================================



::1             localhost



127.0.0.1       localhost



========================= IP Configuration: ================================



# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Windows IP Configuration



   Host Name . . . . . . . . . . . . : NicolesPC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No



Wireless LAN adapter Wireless Network Connection:



   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

   Physical Address. . . . . . . . . : 00-1B-9E-ED-59-5F

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::d5b3:bd96:4bf6:4916%12(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.13(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, September 14, 2011 2:17:14 PM

   Lease Expires . . . . . . . . . . : Thursday, September 15, 2011 2:16:24 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled



Ethernet adapter Local Area Connection:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)

   Physical Address. . . . . . . . . : 00-1E-33-3A-B5-BB

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Local Area Connection* 6:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Local Area Connection* 11:



   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 02-00-54-55-4E-01

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1407:3854:3f57:fef2(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::1407:3854:3f57:fef2%13(Preferred) 

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Local Area Connection* 12:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : isatap.{29E88B49-1181-4AB4-BBCE-6E1E1C2D3ABB}

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  UnKnown

Address:  192.168.1.1



Name:    google.com

Addresses:  74.125.113.104

	  74.125.113.103

	  74.125.113.99

	  74.125.113.106

	  74.125.113.147

	  74.125.113.105







Pinging google.com [74.125.73.103] with 32 bytes of data:



Reply from 74.125.73.103: bytes=32 time=57ms TTL=51



Reply from 74.125.73.103: bytes=32 time=57ms TTL=51







Ping statistics for 74.125.73.103:



    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Approximate round trip times in milli-seconds:



    Minimum = 57ms, Maximum = 57ms, Average = 57ms



Server:  UnKnown

Address:  192.168.1.1



Name:    yahoo.com

Addresses:  98.137.149.56

	  209.191.122.70

	  67.195.160.76

	  69.147.125.65

	  72.30.2.43







Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=76ms TTL=48



Reply from 209.191.122.70: bytes=32 time=44ms TTL=48







Ping statistics for 209.191.122.70:



    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Approximate round trip times in milli-seconds:



    Minimum = 44ms, Maximum = 76ms, Average = 60ms







Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128







Ping statistics for 127.0.0.1:



    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Approximate round trip times in milli-seconds:



    Minimum = 0ms, Maximum = 0ms, Average = 0ms



===========================================================================

Interface List

 12 ...00 1b 9e ed 59 5f ...... Atheros AR5007EG Wireless Network Adapter

 10 ...00 1e 33 3a b5 bb ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)

  1 ........................... Software Loopback Interface 1

 11 ...00 00 00 00 00 00 00 e0  isatap.{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}

 13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

 14 ...00 00 00 00 00 00 00 e0  isatap.{29E88B49-1181-4AB4-BBCE-6E1E1C2D3ABB}

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.13     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.13    281

     192.168.1.13  255.255.255.255         On-link      192.168.1.13    281

    192.168.1.255  255.255.255.255         On-link      192.168.1.13    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.13    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.13    281

===========================================================================

Persistent Routes:

  None



IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 13     18 ::/0                     On-link

  1    306 ::1/128                  On-link

 13     18 2001::/32                On-link

 13    266 2001:0:4137:9e76:1407:3854:3f57:fef2/128

                                    On-link

 12    281 fe80::/64                On-link

 13    266 fe80::/64                On-link

 13    266 fe80::1407:3854:3f57:fef2/128

                                    On-link

 12    281 fe80::d5b3:bd96:4bf6:4916/128

                                    On-link

  1    306 ff00::/8                 On-link

 13    266 ff00::/8                 On-link

 12    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None



========================= Event log errors: ===============================



Application errors:

==================

Error: (09/14/2011 02:38:13 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.



Context:  Application, SystemIndex Catalog



Details:

	A device attached to the system is not functioning.   (0x8007001f)



Error: (09/14/2011 02:38:13 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.



Context:  Application, SystemIndex Catalog



Details:

	A device attached to the system is not functioning.   (0x8007001f)



Error: (09/14/2011 02:23:19 PM) (Source: MsiInstaller) (User: Jake)Jake

Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.



Error: (09/14/2011 02:20:20 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.





Operation:

   Gathering Writer Data



Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {ab8845bb-117c-4f71-9362-d923ccf06a2b}



Error: (09/14/2011 02:17:34 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (08/02/2011 02:12:35 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}



Error: (08/02/2011 02:11:53 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 71963



Error: (08/02/2011 02:11:53 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 71963



Error: (08/02/2011 02:11:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second



Error: (08/02/2011 02:11:11 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 33181





System errors:

=============

Error: (09/14/2011 02:17:34 PM) (Source: Service Control Manager) (User: )

Description: Cdr4_xp



Error: (09/14/2011 02:17:10 PM) (Source: HTTP) (User: )

Description: \Device\Http\ReqQueueKerberos



Error: (08/02/2011 02:12:49 PM) (Source: Service Control Manager) (User: )

Description: McAfee Scanner1



Error: (08/02/2011 02:12:32 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}



Error: (08/02/2011 10:18:21 AM) (Source: DCOM) (User: )

Description: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}



Error: (08/02/2011 10:07:18 AM) (Source: DCOM) (User: )

Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}



Error: (08/02/2011 10:06:42 AM) (Source: DCOM) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}



Error: (08/02/2011 10:02:03 AM) (Source: Service Control Manager) (User: )

Description: Cdr4_xp



Error: (08/02/2011 10:00:59 AM) (Source: HTTP) (User: )

Description: \Device\Http\ReqQueueKerberos



Error: (08/02/2011 10:00:51 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 1:35:18 PM on 7/27/2011 was unexpected.





Microsoft Office Sessions:

=========================



=========================== Installed Programs ============================



32 Bit HP CIO Components Installer (Version: 7.1.8)

6000E609_eDocs (Version: 1.00.0000)

6000E609_Help (Version: 1.00.0000)

6000E609n (Version: 50.0.165.000)

AccessPORT Driver 1.2.2

AccessPORT Manager 2.0.1.3 (Version: 2.0.1.3)

AccessPORT Updater 1.2.6.0 (Version: 1.2.6.0)

Activation Assistant for the 2007 Microsoft Office suites

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)

Adobe AIR (Version: 2.5.1.17730)

Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)

Adobe Flash Player 10 Plugin (Version: 10.3.183.7)

Apple Application Support (Version: 1.5.0)

Apple Mobile Device Support (Version: 3.4.0.25)

Apple Software Update (Version: 2.1.2.120)

Ask Toolbar (Version: 1.9.1.0)

Atheros Driver Installation Program (Version: 7.1)

Atheros Wi-Fi Protected Setup Library

ATI Catalyst Install Manager (Version: 3.0.634.0)

Bonjour (Version: 2.0.4.0)

BPDSoftware (Version: 50.0.165.000)

BPDSoftware_Ini (Version: 1.00.0000)

BufferChm (Version: 120.0.194.000)

Camera Assistant Software for Toshiba (Version: 1.7.175.0123)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2007.0815.2326.40058)

Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2326.40058)

Catalyst Control Center Graphics Full New (Version: 2007.0815.2326.40058)

Catalyst Control Center Graphics Light (Version: 2007.0815.2326.40058)

Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Chinese Standard (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Czech (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Danish (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Dutch (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Finnish (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization French (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization German (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Greek (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Hungarian (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Italian (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Japanese (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Korean (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Norwegian (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Polish (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Portuguese (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Russian (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Spanish (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Swedish (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Thai (Version: 2007.0815.2326.40058)

Catalyst Control Center Localization Turkish (Version: 2007.0815.2326.40058)

ccc-core-static (Version: 2007.0815.2326.40058)

ccc-utility (Version: 2007.0815.2326.40058)

CCC Help Chinese Standard (Version: 2007.0815.2325.40058)

CCC Help Chinese Traditional (Version: 2007.0815.2325.40058)

CCC Help Czech (Version: 2007.0815.2325.40058)

CCC Help Danish (Version: 2007.0815.2325.40058)

CCC Help Dutch (Version: 2007.0815.2325.40058)

CCC Help English (Version: 2007.0815.2325.40058)

CCC Help Finnish (Version: 2007.0815.2325.40058)

CCC Help French (Version: 2007.0815.2325.40058)

CCC Help German (Version: 2007.0815.2325.40058)

CCC Help Greek (Version: 2007.0815.2325.40058)

CCC Help Hungarian (Version: 2007.0815.2325.40058)

CCC Help Italian (Version: 2007.0815.2325.40058)

CCC Help Japanese (Version: 2007.0815.2325.40058)

CCC Help Korean (Version: 2007.0815.2325.40058)

CCC Help Norwegian (Version: 2007.0815.2325.40058)

CCC Help Polish (Version: 2007.0815.2325.40058)

CCC Help Portuguese (Version: 2007.0815.2325.40058)

CCC Help Russian (Version: 2007.0815.2325.40058)

CCC Help Spanish (Version: 2007.0815.2325.40058)

CCC Help Swedish (Version: 2007.0815.2325.40058)

CCC Help Thai (Version: 2007.0815.2325.40058)

CCC Help Turkish (Version: 2007.0815.2325.40058)

CD/DVD Drive Acoustic Silencer (Version: 2.02.01)

Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)

DeviceDiscovery (Version: 120.0.194.000)

DVD MovieFactory for TOSHIBA (Version: 5.51)

FrostWire 4.21.3 (Version: 4.21.3.0)

GearDrvs (Version: 1)

Google Desktop (Version: -)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.1.1821.1806)

Google Update Helper (Version: 1.3.21.69)

GPBaseService2 (Version: 120.0.194.000)

HP Customer Participation Program 12.0 (Version: 12.0)

HP Imaging Device Functions 12.0 (Version: 12.0)

HP Officejet 6000 E609 Series (Version: 12.0)

HP Smart Web Printing (Version: 4.05)

HP Solution Center 12.0 (Version: 12.0)

HP Update (Version: 5.003.001.001)

HPProductAssistant (Version: 120.0.194.000)

HPSSupply (Version: 120.0.194.000)

iTunes (Version: 10.2.1.1)

Java(TM) 6 Update 3 (Version: 1.6.0.30)

MarketResearch (Version: 120.0.226.000)

McAfee Online Backup

McAfee Online Backup (Version: 1.16.4.0)

McAfee Total Protection (Version: 10.5.239)

Memeo AutoBackup (Version: 3.00.3023)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Works (Version: 9.7.0621)

Microsoft XML Parser (Version: 8.20.8730.4)

MobileMe Control Panel (Version: 3.1.5.0)

Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Nancy Drew: Shadow at the Water's Edge (Version: 1.0.0)

Network (Version: 120.0.194.000)

Norton 360 (Version: 1.2.0.10)

ProductContext (Version: 50.0.165.000)

QuickTime (Version: 7.69.80.9)

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek High Definition Audio Driver (Version: 6.0.1.5559)

Realtek USB 2.0 Card Reader (Version: )

Safari (Version: 5.33.20.27)

Shop for HP Supplies (Version: 12)

Skins (Version: 2007.0815.2326.40058)

SmartWebPrinting (Version: 120.0.194.000)

SolutionCenter (Version: 120.0.194.000)

Status (Version: 120.0.194.000)

Synaptics Pointing Device Driver (Version: 10.1.8.0)

Toolbox (Version: 120.0.194.000)

TOSHIBA Assist (Version: 2.01.05)

TOSHIBA ConfigFree (Version: 7.1.27)

TOSHIBA Disc Creator (Version: 2.0.1.1a)

TOSHIBA DVD PLAYER (Version: 1.20.10)

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)

TOSHIBA Face Recognition (Version: 1.0.2.32)

TOSHIBA Games (Version: 1.0.0.43)

TOSHIBA Hardware Setup (Version: 2.00.06)

Toshiba Registration (Version: 1.00.0000)

TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))

TOSHIBA Software Upgrades (Version: 4.3)

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password (Version: 2.00.03)

TOSHIBA Value Added Package (Version: 1.1.14)

TrayApp (Version: 120.0.194.000)

WebReg (Version: 120.0.194.000)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.3374)

Yahoo! Toolbar



========================= Memory info: ===================================



Percentage of memory in use: 52%

Total physical RAM: 1916.89 MB

Available physical RAM: 915.28 MB

Total Pagefile: 4074.31 MB

Available Pagefile: 2600.01 MB

Total Virtual: 2047.88 MB

Available Virtual: 1976.3 MB



========================= Partitions: =====================================



1 Drive c: (SQ004668V05) (Fixed) (Total:184.84 GB) (Free:127.37 GB) NTFS



========================= Users: ========================================



User accounts for \\NICOLESPC



Administrator            Guest                    Jake                     

Nicole                   





**** End of log ****



#8 suitexpee36

suitexpee36
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:01 AM

Posted 14 September 2011 - 02:31 PM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org



Database version: 7716



Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088



9/14/2011 3:12:57 PM

mbam-log-2011-09-14 (15-12-57).txt



Scan type: Quick scan

Objects scanned: 189579

Time elapsed: 17 minute(s), 54 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

c:\Windows\System32\config\systemprofile\local settings\temporary internet files\Content.IE5\J3FGDKRT\3291[1].exe (Trojan.P2P.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.



#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:01 AM

Posted 14 September 2011 - 02:34 PM

Hi suitexpee36,

Looking good. :thumbup2:

Please continue with steps 3 and 4 from my original post.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#10 suitexpee36

suitexpee36
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:01 AM

Posted 19 December 2011 - 09:31 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2011 at 06:07 PM

Application Version : 5.0.1118

Core Rules Database Version : 7689
Trace Rules Database Version: 5501

Scan type : Complete Scan
Total Scan Time : 02:26:23

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 924
Memory threats detected : 0
Registry items scanned : 38416
Registry threats detected : 0
File items scanned : 37172
File threats detected : 221

Rogue.AVGAntivirus2011
C:\Program Files\AVG Antivirus 2011

Adware.Tracking Cookie
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@ADVERTISING[1].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@ADS.TRAFFIKINGS[1].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@ADULTFRIENDFINDER[2].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@BANNERS.FACEBOOKOFSEX[1].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@CONTENT.YIELDMANAGER[1].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@POINTROLL[2].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@PORNHUB[2].TXT
C:\USERS\NICOLE\APPDATA\LOCAL\TEMP\LOW\COOKIES\NICOLE@SPECIFICCLICK[2].TXT
cdn1.static.pornhub.phncdn.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
core.insightexpressai.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
files.youporn.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
ia.media-imdb.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
imgs.adverticum.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
macromedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
media.mtvnservices.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
media1.shufuni.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
s0.2mdn.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
secure-us.imrworldwide.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
vidii.hardsextube.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
www.mofosex.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
www.naiadsystems.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
www.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
www.realgfporn.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LXD9U4DC ]
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NICOLE@DOUBLECLICK[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@ADTECH[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@AD2.ADFARM1.ADITION[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@ADSERVING.VERSANEEDS[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@CONTENT.YIELDMANAGER[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@ADVERTISING[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@APMEBF[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@CLICKSOR[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@CONTENT.YIELDMANAGER[3].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@IMRWORLDWIDE[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@LUCIDMEDIA[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@MEDIABRANDSWW[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@OPTI.INEXTMEDIA[2].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@POINTROLL[1].TXT
C:\USERS\NICOLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\NICOLE@VIDASCO.ROTATOR.HADJ7.ADJUGGLER[1].TXT
.liveperson.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.www.icityfind.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.www.plomedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
www.find-quick-results.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
counter.surfcounters.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.nhl.112.2o7.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
clicks.search312.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.bestsearchfind.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
clicks.bestsearchfind.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.bestsearchfind.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
pixel.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
www.findstuffforme.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
www.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhublive.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
pornhublive.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.delivery.trafficjunky.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.theclickcheck.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.theclickcheck.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.theclickcheck.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
www.plomedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
www.findstuff.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ads.zeusclicks.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adverticum.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adverticum.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.trafficengine.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWT2J356.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Kundo
C:\WINDOWS\SYSTEM32\SLUIA.DLL

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:01 AM

Posted 19 December 2011 - 09:44 PM

Hi suitexpee36,

How's your computer running now?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users