Win32/Cryptor Virus and various malware


5 replies to this topic

#1 unforced error

unforced error

  • Members
  • 9 posts

Posted 20 November 2011 - 01:12 AM

I got one of those fake virus scanner things that's really a virus, so I performed a system restore in safe mode. This happened twice, so I figured the first virus made me more vulnerable to infection or something. Afterwards I ran AVG and it came up with various malware and the win32/cryptor virus. AVG said it deleted everything, but I wanted to make sure so I searched through these forums and performed the MiniToolBox, Malwarebytes, and ESET OnlineScan scans. Malwarebytes caught something else and removed it. Am I finally free of the virus/malware, or is it possible that I'm still infected? Here are the logs:

MiniToolBox by Farbar
Ran by Alex (administrator) on 19-11-2011 at 19:34:35
Windows 7 Enterprise Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: itgproxy.redmond.corp.microsoft.com:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Alex-MSFT
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.
System Quarantine State . . . . . : Not Restricted


Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-44-7D-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-7E-A3-0C-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d9c6:4bb8:b5b0:3bd9%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 19, 2011 7:25:05 PM
Lease Expires . . . . . . . . . . : Sunday, November 20, 2011 7:25:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234888318
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B6-C1-C8-00-1C-7E-A3-0C-A6
DNS Servers . . . . . . . . . . . : 68.87.69.150
68.87.85.102
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.wa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c45:3b95:bc48:eb1d(Preferred)
Link-local IPv6 Address . . . . . : fe80::c45:3b95:bc48:eb1d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

Name: google.com
Addresses: 173.194.33.49
173.194.33.48
173.194.33.50
173.194.33.51
173.194.33.52


Pinging google.com [173.194.33.52] with 32 bytes of data:
Reply from 173.194.33.52: bytes=32 time=13ms TTL=56
Reply from 173.194.33.52: bytes=32 time=20ms TTL=56

Ping statistics for 173.194.33.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 20ms, Average = 16ms
Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=31ms TTL=52
Reply from 98.137.149.56: bytes=32 time=31ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 31ms, Average = 31ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f 3b 44 7d 7d ......Intel® Wireless WiFi Link 4965AGN
10...00 1c 7e a3 0c a6 ......Intel® 82566MM Gigabit Network Connection
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 276
192.168.1.102 255.255.255.255 On-link 192.168.1.102 276
192.168.1.255 255.255.255.255 On-link 192.168.1.102 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:c45:3b95:bc48:eb1d/128 On-link
10 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::c45:3b95:bc48:eb1d/128 On-link
10 276 fe80::d9c6:4bb8:b5b0:3bd9/128 On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog5 02 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 11 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 02 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 03 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 04 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/19/2011 06:16:42 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -Embedding; Description = Removed Java 2 Runtime Environment, SE v1.4.1_07; Error = 0x8007043c).

Error: (11/19/2011 04:26:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2012; Error = 0x8007043c).

Error: (11/19/2011 04:26:09 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2012; Error = 0x8007043c).

Error: (11/19/2011 04:26:04 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2012; Error = 0x8007043c).

Error: (11/19/2011 04:26:03 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2012; Error = 0x8007043c).

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2011 06:52:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6053

Error: (11/18/2011 06:52:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6053


System errors:
=============
Error: (11/19/2011 06:33:41 PM) (Source: FEP Antimalware) (User: )
Description: %%828 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (11/19/2011 06:16:26 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (11/19/2011 04:29:21 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/19/2011 04:29:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/19/2011 04:29:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/19/2011 04:29:15 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/19/2011 04:29:08 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/19/2011 04:28:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
ctxusbm
discache
MpFilter
spldr
Wanarpv6

Error: (11/19/2011 04:27:11 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/19/2011 04:23:16 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/19/2011 06:16:42 PM) (Source: System Restore)(User: )
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -EmbeddingRemoved Java 2 Runtime Environment, SE v1.4.1_070x8007043c

Error: (11/19/2011 04:26:13 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (11/19/2011 04:26:09 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (11/19/2011 04:26:04 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (11/19/2011 04:26:03 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052

Error: (11/18/2011 06:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2011 06:52:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6053

Error: (11/18/2011 06:52:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6053


=========================== Installed Programs ============================


Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Photoshop CS (Version: CS)
Adobe Reader X (Version: 10.0.0)
Age of Empires III (Version: 1.00.0000)
ALPS Touch Pad Driver (Version: 7.2.303.107)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Audacity 1.2.6
AVG 2012 (Version: 12.0.1869)
AVG 2012 (Version: 12.0.2092)
AVG 2012 (Version: 2012.0.1869)
Bing Bar (Version: 7.0.609.0)
Bluetooth Monitor 4 (Version: 4.02.000)
Bonjour (Version: 2.0.4.0)
Cardmod_X86 and MSITPintool (Version: 1.0.0)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Citrix Presentation Server Client - Web Only (Version: 10.200.2650)
D3DX10 (Version: 15.4.2368.0902)
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Forefront TMG Client (Version: 7.0.7734)
Free Audio CD Burner version 1.4.7
Free YouTube Download version 3.0.16.923
Free YouTube to MP3 Converter version 3.10.11.923
GoldWave v5.58
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Virtualization Desktop Client (Version: 4.6.1.20870)
Microsoft Branding Segoe Font (Version: 1.0.0)
Microsoft Conferencing Add-in for Microsoft Office Outlook (Version: 8.0.6362.190)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Forefront Endpoint Protection (Version: 2.1.6805.0)
Microsoft Forefront Endpoint Protection 2010 (Version: 2.0.2530.0)
Microsoft Forefront Endpoint Protection 2010 Baseline Components (Version: 2.0.2530.0)
Microsoft IT BitLocker Setup (Version: 1.1.74.1)
Microsoft IT StartPoint (Version: 1.0.0)
Microsoft IT VPN (Version: 3.2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.236)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.190)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft PIN Tool v3 (Version: 1.0.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.5)
NVIDIA nView Desktop Manager
ooVoo (Version: 2.9.0089)
PDFCreator (Version: 1.2.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
RICOH Media Driver ver.2.07.01.00 (Version: 2.07.01.00)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.112)
TOSHIBA Assist (Version: 2.01.11)
TOSHIBA HDD Protection (Version: 2.2.0.1)
TOSHIBA Value Added Package (Version: 1.2.34)
Uninstall 1.0.0.1
VLC media player 1.1.5 (Version: 1.1.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2014.87 MB
Available physical RAM: 1234.46 MB
Total Pagefile: 4029.73 MB
Available Pagefile: 2807.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:24.89 GB) NTFS

========================= Users: ========================================

User accounts for \\ALEX-MSFT

Administrator Alex Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/19/2011 7:47:22 PM
mbam-log-2011-11-19 (19-47-22).txt

Scan type: Quick scan
Objects scanned: 184994
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Alex\AppData\Local\Temp\A9BA.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\BFF9.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

--------------------------------

The ESET OnlineScan said I was clean so it didn't produce a log

Edited by unforced error, 20 November 2011 - 01:13 AM.
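Reading a MiniToolBox dump and a Malwarebytes log by eye is tedious, and the parts that matter for triage are easy to skim past. The following is an added example in Python, not something posted in this thread and not part of MiniToolBox or Malwarebytes: it pulls the security-relevant items out of log text shaped like the one above, namely which Winsock LSP/namespace providers live outside the Windows system32 directory, whether a proxy server is configured and enabled, and which detections were logged and whether any of their names point to a credential stealer. The log excerpt is a trimmed copy of the entries above, and the heuristics (the system32 path test, the credential-theft name tokens, and the reading of "Proxy is not enabled") are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: excerpts shaped like the MiniToolBox and Malwarebytes logs
# posted above (same entries, trimmed to a handful of lines).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: itgproxy.redmond.corp.microsoft.com:80

========================= Winsock entries =====================================

Catalog5 01 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog5 02 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 c:\Program Files\Forefront TMG Client\FwcWsp.dll [348552] (Microsoft ® Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Files Infected:
c:\Users\Alex\AppData\Local\Temp\A9BA.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Local\Temp\BFF9.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""

# One Winsock catalog row: "Catalog5 07 <dll path> [<size>] (<vendor>)".
WINSOCK_RE = re.compile(r"^Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
# One Malwarebytes detection row: "<path> (<detection name>) -> <action>".
MBAM_RE = re.compile(r"^(.+?)\s+\(([^()]+)\)\s+->\s+(.+?)\.?$")
PROXY_RE = re.compile(r"^ProxyServer:\s*(\S+)", re.MULTILINE)

# Assumption of this example: detection names carrying these tokens indicate a
# credential stealer, so passwords saved on the box should be treated as exposed.
CREDENTIAL_THEFT_TOKENS = ("passwords", "pws", "stealer", "keylog")


def parse_winsock(text):
    """Return one dict per Winsock catalog row found in the log text."""
    rows = []
    for line in text.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            cat, idx, path, size, vendor = m.groups()
            rows.append({"catalog": int(cat), "index": int(idx), "path": path,
                         "size": int(size), "vendor": vendor.strip()})
    return rows


def flag_winsock(rows):
    """Return one finding per distinct provider DLL outside the Windows system32
    directory. Such providers are not malicious by themselves, but each one sits
    in the path of every socket or name lookup, so a responder verifies the
    file's publisher signature rather than trusting the vendor string the tool
    printed (it comes from the file's own version resource)."""
    by_dll = defaultdict(list)
    for r in rows:
        by_dll[r["path"].lower()].append(r)
    findings = []
    for path, entries in sorted(by_dll.items()):
        if "\\windows\\system32\\" in path:
            continue
        findings.append({
            "dll": path,
            "vendor": entries[0]["vendor"],
            "catalogs": sorted({e["catalog"] for e in entries}),
            # A provider with no vendor string at all deserves a closer look.
            "severity": "review" if entries[0]["vendor"] else "high",
        })
    return findings


def parse_proxy(text):
    """Assumption: MiniToolBox prints 'Proxy is not enabled.' when the IE proxy
    is off; a ProxyServer value can still be present from an earlier config."""
    m = PROXY_RE.search(text)
    return {"enabled": "Proxy is not enabled" not in text,
            "server": m.group(1) if m else None}


def parse_mbam(text):
    """Return one dict per Malwarebytes detection row ('path (name) -> action')."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            path, name, action = m.groups()
            hits.append({"path": path, "detection": name, "action": action})
    return hits


def triage(text):
    """Combine the three parsers into one summary a responder can act on."""
    hits = parse_mbam(text)
    stealer = any(tok in h["detection"].lower()
                  for h in hits for tok in CREDENTIAL_THEFT_TOKENS)
    return {
        "winsock_review": flag_winsock(parse_winsock(text)),
        "proxy": parse_proxy(text),
        "detections": hits,
        "rotate_credentials": stealer,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample this reports three non-system32 providers (Bonjour, the Windows Live ID namespace provider, and the Forefront TMG client in both catalogs), a configured but disabled proxy, and two "Spyware.Passwords" detections in the user's Temp folder, which is why it sets rotate_credentials. The same MiniToolBox output also lists both AVG 2012 and Forefront Endpoint Protection as installed, with the AVG drivers (Avgldx86, Avgmfx86) and the FEP filter (MpFilter) among the boot-start drivers that failed to load; this example does not parse the event-log section, so that part still has to be read by eye.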



#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 20 November 2011 - 10:35 AM

Hi unforced error,

I know it looks like a lot, but it's really just a lot of text asking for only 3 scans.

Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

============================================================================

============================================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

============================================================================

============================================================================

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

============================================================================

============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

============================================================================

============================================================================

Remember, after posting the results of these scans, let me know how the computer is running.

Edited by TheShooter93, 20 November 2011 - 11:01 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 unforced error
  • Topic Starter
  • Members
  • 9 posts

Posted 20 November 2011 - 10:40 PM

Hi TheShooter93, my computer seems to be running fine. Start-up seems slightly slower than usual, but that might just be because I'm looking for something wrong. Here are the results of my scans in order. Do you mind explaining the results to me?

--------------------------------------------------------------------------
--------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.28
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (7.0.1) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Forefront Forefront Endpoint Protection 2010 AntiMalware\MsMpEng.exe
``````````End of Log````````````


-----------------------------------------------------------------
-----------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2011 at 02:47 PM

Application Version : 5.0.1136

Core Rules Database Version : 7965
Trace Rules Database Version: 5777

Scan type : Complete Scan
Total Scan Time : 01:29:16

Operating System Information
Windows 7 Enterprise 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 37198
Registry threats detected : 0
File items scanned : 112919
File threats detected : 207

Adware.Tracking Cookie
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@advertising[1].txt [ /advertising ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@atdmt[1].txt [ /atdmt ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@collective-media[1].txt [ /collective-media ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@yieldmanager[2].txt [ /yieldmanager ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@zedo[1].txt [ /zedo ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\alex@zedo[2].txt [ /zedo ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\7BW3VYD7.txt [ /doubleclick.net ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\CSZRJYIE.txt [ /r1-ads.ace.advertising.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\BBZDTV0F.txt [ /eyewonder.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\XEASVKVI.txt [ /adxpose.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\NFTH34J4.txt [ /realmedia.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\VXU2TWG3.txt [ /atdmt.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\U51CXA52.txt [ /invitemedia.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\57GC59R8.txt [ /pointroll.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\3XOM85ZA.txt [ /advertising.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\HI2YK929.txt [ /ads.pointroll.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\YDFOX90H.txt [ /serving-sys.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\28W4VP64.txt [ /network.realmedia.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\BIZRM4X7.txt [ /ad.yieldmanager.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\GGCGSLW0.txt [ /revsci.net ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\O46G0PT2.txt [ /tribalfusion.com ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\TZJLYUHU.txt [ /collective-media.net ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\YIKVKUYZ.txt [ /specificclick.net ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\7GY7PLXD.txt [ /fastclick.net ]
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies\TZDYO30E.txt [ /apmebf.com ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\U0B5307G.txt [ Cookie:alex@adsonar.com/adserving ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@atdmt[1].txt [ Cookie:alex@atdmt.com/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@google[2].txt [ Cookie:alex@google.com/accounts/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@advertising[2].txt [ Cookie:alex@advertising.com/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@adecn[2].txt [ Cookie:alex@adecn.com/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@at.atwola[1].txt [ Cookie:alex@at.atwola.com/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@tacoda.at.atwola[2].txt [ Cookie:alex@tacoda.at.atwola.com/ ]
C:\USERS\ALEX\AppData\Roaming\Microsoft\Windows\Cookies\Low\alex@statse.webtrendslive[1].txt [ Cookie:alex@statse.webtrendslive.com/ ]
C:\USERS\ALEX\Cookies\7BW3VYD7.txt [ Cookie:alex@doubleclick.net/ ]
C:\USERS\ALEX\Cookies\CSZRJYIE.txt [ Cookie:alex@r1-ads.ace.advertising.com/ ]
C:\USERS\ALEX\Cookies\BBZDTV0F.txt [ Cookie:alex@eyewonder.com/ ]
C:\USERS\ALEX\Cookies\XEASVKVI.txt [ Cookie:alex@adxpose.com/ ]
C:\USERS\ALEX\Cookies\NFTH34J4.txt [ Cookie:alex@realmedia.com/ ]
C:\USERS\ALEX\Cookies\VXU2TWG3.txt [ Cookie:alex@atdmt.com/ ]
C:\USERS\ALEX\Cookies\U51CXA52.txt [ Cookie:alex@invitemedia.com/ ]
C:\USERS\ALEX\Cookies\3XOM85ZA.txt [ Cookie:alex@advertising.com/ ]
C:\USERS\ALEX\Cookies\alex@zedo[2].txt [ Cookie:alex@zedo.com/ ]
C:\USERS\ALEX\Cookies\YDFOX90H.txt [ Cookie:alex@serving-sys.com/ ]
C:\USERS\ALEX\Cookies\28W4VP64.txt [ Cookie:alex@network.realmedia.com/ ]
C:\USERS\ALEX\Cookies\BIZRM4X7.txt [ Cookie:alex@ad.yieldmanager.com/ ]
C:\USERS\ALEX\Cookies\O46G0PT2.txt [ Cookie:alex@tribalfusion.com/ ]
C:\USERS\ALEX\Cookies\TZJLYUHU.txt [ Cookie:alex@collective-media.net/ ]
C:\USERS\ALEX\Cookies\YIKVKUYZ.txt [ Cookie:alex@specificclick.net/ ]
C:\USERS\ALEX\Cookies\TZDYO30E.txt [ Cookie:alex@apmebf.com/ ]
C:\USERS\ALEX\Cookies\U0B5307G.txt [ Cookie:alex@adsonar.com/adserving ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.avgtechnologies.112.2o7.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.dsmmadvantage.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media.mtvnservices.com [ C:\USERS\ALEX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G75LANC9 ]
secure-us.imrworldwide.com [ C:\USERS\ALEX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\G75LANC9 ]
C:\USERS\ALEX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEX@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
.atdmt.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.game-advertising-online.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.eset.122.2o7.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0LQP6NDN.DEFAULT\COOKIES.SQLITE ]


------------------------------------------------------------
------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 19:34:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.DCCO
Running: 4n1e9qbq.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kgtcqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x91FF9F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x91FF9FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x91FFA080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x91FFA11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C43349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C84054 4 Bytes [3C, 9F, FF, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C84324 8 Bytes [E4, 9F, FF, 91, 80, A0, FF, ...] {IN AL, 0x9f; CALL [ECX-0x6e005f80]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C84398 4 Bytes [1C, A1, FF, 91]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Zune\ZuneLauncher.exe[4420] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [748AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [748AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4420] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [748AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4420] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [748AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037aad12e4
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037aad12e4 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB17291$\2515195489 0 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\@ 2048 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\bckfg.tmp 846 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\cfg.ini 76 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\L 0 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U 0 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\80000032.@ 96256 bytes
File C:\Windows\$NtUninstallKB17291$\3610209542 0 bytes

---- EOF - GMER 1.0.15 ----

#4 TheShooter93
    Cody
  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 20 November 2011 - 10:47 PM

What exactly do you want explained?

The logs scan for known malicious files and quarantine and delete them if they're detected on your system.

The SAS results were all cookies, which are fairly regular and semi-expected.

The GMER log is what (in this case) shows the more serious infection(s).

If you think you may still be infected, I can direct you further.

If you're not experiencing any more symptoms, then this is it.



#5 unforced error
  • Topic Starter
  • Members
  • 9 posts

Posted 21 November 2011 - 12:09 AM

I was just wondering what each scan was looking for, what showed up, and what was terminated. Was everything that showed up on the GMER scan malicious and deleted? The log wasn't as straightforward as other scans where they simply listed "spyware" or "virus" or "tracking cookies" on a list and stated that they were deleted. And does this mean I'm clean? If so, thanks!

#6 TheShooter93
    Cody
  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 21 November 2011 - 12:13 AM

Like I said before, if you're not noticing any more symptoms, you should be clean.

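
A note on reading the GMER log posted in #3, since the question in #5 was what that log actually shows. The script below is an added example; it is not part of the original thread and not a GMER or BleepingComputer tool. It does by script what a responder does by eye: file every entry GMER attributes to a signed module under that vendor, decode the 4-byte patches in kernel code as little-endian pointers and look them up in the SSDT table from the same log, and list whatever is left as unexplained. On the posted log that lookup is exact: the bytes [3C, 9F, FF, 91] at KeRemoveQueueEx + 139F read as 0x91FF9F3C, which is the address GMER lists as the AVGIDSShim.Sys hook target for ZwOpenProcess, and the other two 4-byte patches decode the same way to the ZwTerminateProcess and ZwWriteVirtualMemory hook targets. What stays unexplained is the single-byte ZwSaveKey change, the KiDispatchInterrupt patch (its byte list is cut off with "..."), and the files under C:\Windows\$NtUninstallKB17291$, for which GMER prints no signer at all. "Unexplained" is this example's label for "the log alone does not account for it"; it is not a malware verdict. The sample input is a subset of lines copied from the posted log; the section names and line formats are GMER's own, while the regexes, the vendor keying and the pointer-matching rule are this example's assumptions.

```python
"""Triage a GMER rootkit-scan log (added example, not a GMER or forum tool).

Entries GMER attributes to a signed module are filed under that vendor; 4-byte
patches in kernel code are decoded as little-endian pointers and matched against
the SSDT hook targets in the same log; whatever is left is "unexplained", which
means the log alone does not account for it, not that it is malicious.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
VENDOR_RE = re.compile(r"\(([^()/]*)/([^()]*)\)")  # GMER's "(Description/Vendor)"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\(.*?\)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]")
TEXT_RE = re.compile(r"^\.text\s+(\S+)\s+\+\s+[0-9A-Fa-f]+\s+[0-9A-Fa-f]+\s+\d+\s+Bytes?\s+\[([^\]]*)\]")
FILE_RE = re.compile(r"^File\s+(.+?)\s+\d+ bytes$")

# Constructed sample input: a subset of the lines from the GMER log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x91FF9F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x91FF9FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x91FFA080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x91FFA11C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C43349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C84054 4 Bytes [3C, 9F, FF, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C84324 8 Bytes [E4, 9F, FF, 91, 80, A0, FF, ...] {IN AL, 0x9f; CALL [ECX-0x6e005f80]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C84398 4 Bytes [1C, A1, FF, 91]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Zune\ZuneLauncher.exe[4420] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [748AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB17291$\2515195489 0 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\@ 2048 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB17291$\2515195489\U\00000002.@ 224768 bytes
---- EOF - GMER 1.0.15 ----
"""


def decode_pointers(byte_field):
    """Decode GMER's "3C, 9F, FF, 91" into 32-bit little-endian values. GMER elides
    long byte lists with "...", so only complete 4-byte groups are decoded and the
    caller is told whether the list was cut short."""
    tokens = [t.strip() for t in byte_field.split(",")]
    raw = bytes(int(t, 16) for t in tokens if re.fullmatch(r"[0-9A-Fa-f]{2}", t))
    pointers = [int.from_bytes(raw[i:i + 4], "little") for i in range(0, len(raw) // 4 * 4, 4)]
    return pointers, "..." in tokens


def triage(log_text):
    """Return the SSDT hook table, explained entries per vendor, unexplained entries
    with their section, and a count of unexplained files per top-level directory."""
    ssdt, explained, unexplained = {}, defaultdict(list), []
    file_dirs, pending_text, section = defaultdict(int), [], None
    for line in (raw_line.strip() for raw_line in log_text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if section in (None, "EOF"):
            continue
        vendor = VENDOR_RE.search(line)
        vendor_name = vendor.group(2).strip() if vendor else "unknown"
        if m := SSDT_RE.match(line):
            module = m.group(1).rsplit("\\", 1)[-1]
            ssdt[int(m.group(3), 16)] = (module, m.group(2), vendor_name)
            explained[vendor_name].append((section, f"{m.group(2)} -> {module}"))
        elif m := TEXT_RE.match(line):
            pending_text.append((section, m.group(1), m.group(2)))  # resolved once the SSDT table is complete
        elif m := FILE_RE.match(line):
            file_dirs["\\".join(m.group(1).split("\\")[:3])] += 1  # e.g. C:\Windows\$NtUninstallKB17291$
            unexplained.append((section, line))
        elif vendor:
            explained[vendor_name].append((section, line.split(" (")[0]))
        else:
            unexplained.append((section, line))
    for section, symbol, byte_field in pending_text:
        pointers, truncated = decode_pointers(byte_field)
        hits = [ssdt[p] for p in pointers if p in ssdt]
        if hits and len(hits) == len(pointers):  # every decoded pointer is a known hook target
            for module, service, vendor_name in hits:
                explained[vendor_name].append((section, f"{symbol} -> {service} hook in {module}"))
        else:
            unexplained.append((section, symbol + (" (byte list truncated)" if truncated else "")))
    return {"ssdt": ssdt, "explained": dict(explained), "unexplained": unexplained, "file_dirs": dict(file_dirs)}


def report(result):
    out = [f"{len(v)} entries attributed to {k}" for k, v in sorted(result["explained"].items())]
    out += [f"{n} unexplained files under {d}" for d, n in sorted(result["file_dirs"].items())]
    out += [f"unexplained [{s}]: {t}" for s, t in result["unexplained"] if s != "Files"]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is to print the summary for the embedded sample, or pass the contents of a saved gmer.log to triage(). Matching a patch to a hook target only says which driver the bytes point at; whether that driver belongs there is answered by its signature and install path, not by GMER, and the "unexplained" list is where the follow-up work starts.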




