Cleaning my Computer


9 replies to this topic

#1 Martin3405

  • Members
  • 19 posts

Posted 04 March 2012 - 06:38 PM

Hello,
I'm new to BleepingComputer... need help.. have looked all over... I have multiple malware in my system and need to know how to get rid of everything... Some of this stuff has hidden my files from my internal and external hard drives.. still can't seem to make one of the external hard drives show all the files.. I have read on other posts that one of the malware called backdoor.cycbot is very critical and more than likely I would have to restore and reinstall my OS (I'm running Windows 7 Enterprise)... if this is the case I am willing to do it however, I do not have the disk for it.. moved from SD to SF back to SD and it got lost somewhere in the move.. Anyway, I appreciate the time and hope someone can help me figure this out... I need it for photo editing. Thanks again.

Martin3405


*Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 04 March 2012 - 06:51 PM.




#2 boopme

  • Global Moderator
  • 73,035 posts

Posted 04 March 2012 - 08:33 PM

Hello and welcome. Let's see if we can clean.

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

>>>>>>

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>>

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.




Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next do TDSS
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.
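A way to triage the "Winsock entries" section of the Result.txt that MiniToolBox produces, as an added example that is not part of the original post or of MiniToolBox itself. The line format follows the log posted later in this thread; the sample lines, the vendor name and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "Winsock entries" line format of a MiniToolBox Result.txt.
# "Example Vendor Ltd." and its paths are placeholders, not real software.
SAMPLE = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\Common Files\Example\Lsp\ExampleLsp.dll [329688] (Example Vendor Ltd.)
Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 01 C:\Program Files (x86)\Common Files\Example\Lsp\ExampleLsp64.dll [447960] (Example Vendor Ltd.)

========================= Event log errors: ===============================
"""

# <catalog> <index> <dll path> [<size in bytes> | File Not found] (<vendor>)
# Catalog5 lists namespace providers, Catalog9 lists protocol providers (the LSP chain).
ENTRY = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+|File Not found)\]\s+\((?P<vendor>.*)\)\s*$"
)


def parse_winsock(text):
    """Return one dict per catalog entry found in the Winsock section of the log."""
    entries, in_section = [], False
    for line in text.splitlines():
        if "Winsock entries" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # next section header ends the Winsock listing
        m = ENTRY.match(line.strip()) if in_section else None
        if m:
            size = m["size"]
            entries.append({
                "catalog": m["catalog"],
                "index": int(m["index"]),
                "path": m["path"],
                "size": None if size == "File Not found" else int(size),
                "vendor": m["vendor"],
            })
    return entries


def triage(entries):
    """Count entries worth a second look: missing files and non-Microsoft providers."""
    findings = Counter()
    for e in entries:
        if e["size"] is None:
            findings[(e["catalog"], e["path"], "file not found")] += 1
        elif not e["vendor"].startswith("Microsoft"):
            findings[(e["catalog"], e["path"], "third-party: " + e["vendor"])] += 1
    return findings


if __name__ == "__main__":
    for (catalog, path, reason), count in sorted(triage(parse_winsock(SAMPLE)).items()):
        print(f"{catalog:14} x{count:<3} {reason:35} {path}")
```

A flagged entry is a prompt for review, not a verdict: security products legitimately install their own layered service providers, and a helper will want to compare the list before and after any Winsock reset.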

#3 Celena

  • Banned Spammer
  • 17 posts

Posted 05 March 2012 - 12:06 AM

Hi and welcome. You can try rebooting your PC or else reinstalling the OS. Or else you can use some good antivirus software like Comodo, Avast etc. to scan your PC fully and then delete the malware.

#4 Martin3405

  • Topic Starter
  • Members
  • 19 posts

Posted 06 March 2012 - 01:58 AM

Thank you for your quick response...

so far I have the Unhide log and the Mini ToolBox log..

I'll keep you posted as I go... One more question, when it comes to unhiding files do I have to go back and hide the system files that were originally hidden or is it safe to keep them like this?

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/05/2012 10:08:02 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 517376 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 1454 files processed.

Processing the O:\ drive
Finished processing the O:\ drive. 40512 files processed.

Restoring the Start Menu.
* 219 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 03/05/2012 10:39:33 PM
Execution time: 0 hours(s), 31 minute(s), and 30 seconds(s)


______________________________________________________________________________________

MiniToolBox by Farbar Version: 18-01-2012
Ran by 7 (administrator) on 05-03-2012 at 22:47:15
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

HP 802.11b/g Wireless Network Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Intel® 82562V 10/100 Network Connection = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set subinterface interface=?$ subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : 7-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : HP 802.11b/g Wireless Network Adapter
Physical Address. . . . . . . . . : 00-02-E3-49-E9-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8880:16b9:eabc:28fb%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 05, 2012 9:57:40 PM
Lease Expires . . . . . . . . . . : Tuesday, March 06, 2012 9:57:39 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218104547
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-23-70-94-00-18-F3-5A-FB-04
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-18-F3-5A-FB-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{75A1C0A5-3ED5-4FAA-B13A-3B36014C30DB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.224.169] with 32 bytes of data:
Reply from 74.125.224.169: bytes=32 time=11ms TTL=252
Reply from 74.125.224.169: bytes=32 time=12ms TTL=252

Ping statistics for 74.125.224.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 12ms, Average = 11ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=97ms TTL=50
Reply from 98.139.183.24: bytes=32 time=194ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 194ms, Average = 145ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 02 e3 49 e9 38 ......HP 802.11b/g Wireless Network Adapter
10...00 18 f3 5a fb 04 ......Intel® 82562V 10/100 Network Connection
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 281
192.168.1.5 255.255.255.255 On-link 192.168.1.5 281
192.168.1.255 255.255.255.255 On-link 192.168.1.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::8880:16b9:eabc:28fb/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 mswsock.dll [File Not found] ()
Catalog5 10 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 mswsock.dll [File Not found] ()
x64-Catalog5 10 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 mswsock.dll [File Not found] ()
x64-Catalog9 15 mswsock.dll [File Not found] ()
x64-Catalog9 16 mswsock.dll [File Not found] ()
x64-Catalog9 17 mswsock.dll [File Not found] ()
x64-Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447960] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/05/2012 07:34:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/05/2012 07:30:25 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 12 5.1.168.192.in-addr.arpa. PTR 7-PC.local.

Error: (03/05/2012 07:30:25 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 14 5.1.168.192.in-addr.arpa. PTR 7-PC-2.local.

Error: (03/04/2012 03:05:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/27/2012 09:47:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/27/2012 09:25:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 12 4.1.168.192.in-addr.arpa. PTR 7-PC.local.

Error: (02/27/2012 09:25:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 14 4.1.168.192.in-addr.arpa. PTR 7-PC-2.local.

Error: (02/27/2012 09:24:58 PM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description:

Error: (02/27/2012 09:24:56 PM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: 0x9

Error: (02/10/2012 11:27:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: axuhAsyY7fZqmC.exe, version: 6.0.2028.0, time stamp: 0x4f341ffa
Faulting module name: axuhAsyY7fZqmC.exe, version: 6.0.2028.0, time stamp: 0x4f341ffa
Exception code: 0xc0000005
Fault offset: 0x000013e0
Faulting process id: 0xf00
Faulting application start time: 0xaxuhAsyY7fZqmC.exe0
Faulting application path: axuhAsyY7fZqmC.exe1
Faulting module path: axuhAsyY7fZqmC.exe2
Report Id: axuhAsyY7fZqmC.exe3


System errors:
=============
Error: (03/05/2012 10:06:57 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (03/05/2012 10:01:55 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Error: (03/05/2012 10:01:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (03/05/2012 09:59:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (03/05/2012 09:57:43 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/05/2012 09:57:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (03/05/2012 09:57:43 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/05/2012 09:57:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/05/2012 09:57:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (03/05/2012 07:41:53 PM) (Source: DCOM) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro Extended - Italiano, Español, Nederlands, Português (Version: 9.0.0)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54)
Adobe Flash Player 10 Plugin (Version: 10.0.2.54)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.0.1.152)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 5.7.5.30)
aioscnnr (Version: 7.0.5.10)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Ask.com Search Assistant 1.0.1 (Version: 1.0.1)
ATI Catalyst Install Manager (Version: 3.0.715.0)
BIAS SoundSoap SE 2.2 (Version: 2.2)
BitTorrent
BitTorrentBar Toolbar (Version: 6.2.2.4)
BlackBerry Desktop Software 4.7 (Version: 4.7.0.32)
Bonjour (Version: 2.0.4.0)
Browser Defender 3.0 (Version: 3.0.0.314)
C4USelfUpdater (Version: 1.00.0000)
center (Version: 6.2.5.0)
CinemaNow Media Manager (Version: 1.9.0.63)
Cisco Network Magic (Version: 5.5.09195.0)
Conduit Engine (Version: )
Connect (Version: 1.0.0.1)
DAEMON Tools Toolbar (Version: 1.1.1.0014)
DirectX 9 Runtime (Version: 1.00.0000)
essentials (Version: 6.0.14.0)
Google Talk Plugin (Version: 2.6.1.5251)
HP Wireless Elite Desktop (Version: 1.2.4.7)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32 (Version: 5.2.0.2)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.1.6.30)
kuler (Version: 2.0)
Lexmark 3500-4500 Series
Lexmark Fax Solutions
LightZone 3.7
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network Magic (Version: 5.5.9195.0)
ocr (Version: 6.2.3.50)
PDF Settings CS4 (Version: 9.0)
PDF Settings CS5 (Version: 10.0)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Pod to PC 2.6
Power Sound Editor Free
PreReq (Version: 6.2.2.60)
Print Artist Craft & Party Maker (Version: 21.0.2.7)
Pure Networks Platform (Version: 11.2.09195.1)
QuickTime (Version: 7.69.80.9)
Real Alternative 2.0.2 (Version: 2.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
RealUpgrade 1.1 (Version: 1.1.0)
Rosetta Stone Version 3 (Version: 3.3.5.2)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.1)
Roxio Burn (Version: 1.0.0)
Roxio Burn Manager (Version: 1.0.0)
Roxio Burn Manager CDB (Version: 1.0)
Roxio CinePlayer (Version: 5.3)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2010 Pro (Version: 1.2.193)
Roxio Creator 2010 Pro (Version: 12.0)
Roxio Creator 2010 Pro (Version: 5.0.0)
Roxio Disaster Recovery (Version: 1.3.0)
Roxio File Backup (Version: 1.3.0)
Roxio Media Manager (Version: 9.4.051)
Roxio PhotoShow (Version: 6.0)
Roxio Venue (Version: 2.2.170)
Roxio Video Capture USB (Version: 1.22.0000)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
SmartSound Sonicfire Pro 5 (Version: 5.1.0)
Spyware Doctor 8.0 (Version: 8.0)
Suite Shared Configuration CS4 (Version: 1.0)
The Sims™ 3 (Version: 1.17.60)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.0.81)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst (Version: 1.00.0000)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)
VLC media player 1.1.9 (Version: 1.1.9)
VobSub v2.23 (Remove Only)
WIDCOMM Bluetooth Software (Version: 6.3.0.6300)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Messenger (Version: 14.0.8117.0416)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 2046.45 MB
Available physical RAM: 389.21 MB
Total Pagefile: 4092.91 MB
Available Pagefile: 2791.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:186.46 GB) NTFS
8 Drive k: (SignatureMini) (Fixed) (Total:465.76 GB) (Free:114.85 GB) NTFS
9 Drive o: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1707.35 GB) NTFS

========================= Users: ========================================

User accounts for \\7-PC

7 Administrator Guest


**** End of log ****

#5 Martin3405


Posted 06 March 2012 - 02:30 AM

TDSSKiller Report-----asked for a reboot...



23:20:25.0031 3816 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
23:20:25.0592 3816 ============================================================
23:20:25.0592 3816 Current date / time: 2012/03/05 23:20:25.0592
23:20:25.0592 3816 SystemInfo:
23:20:25.0592 3816
23:20:25.0592 3816 OS Version: 6.1.7601 ServicePack: 1.0
23:20:25.0592 3816 Product type: Workstation
23:20:25.0592 3816 ComputerName: 7-PC
23:20:25.0592 3816 UserName: 7
23:20:25.0592 3816 Windows directory: C:\Windows
23:20:25.0592 3816 System windows directory: C:\Windows
23:20:25.0592 3816 Running under WOW64
23:20:25.0592 3816 Processor architecture: Intel x64
23:20:25.0592 3816 Number of processors: 2
23:20:25.0592 3816 Page size: 0x1000
23:20:25.0592 3816 Boot type: Normal boot
23:20:25.0592 3816 ============================================================
23:20:26.0809 3816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:20:26.0825 3816 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:20:26.0981 3816 Drive \Device\Harddisk6\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:20:27.0324 3816 \Device\Harddisk0\DR0:
23:20:27.0340 3816 MBR used
23:20:27.0340 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:20:27.0340 3816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:20:27.0340 3816 \Device\Harddisk1\DR1:
23:20:27.0340 3816 MBR used
23:20:27.0340 3816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1
23:20:27.0340 3816 \Device\Harddisk6\DR6:
23:20:27.0340 3816 MBR used
23:20:27.0340 3816 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:20:27.0449 3816 Initialize success
23:20:27.0449 3816 ============================================================

#6 Martin3405


Posted 06 March 2012 - 03:01 AM

SuperAntiSpyware



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/05/2012 at 11:42 PM

Application Version : 5.0.1144

Core Rules Database Version : 8306
Trace Rules Database Version: 6118

Scan type : Quick Scan
Total Scan Time : 00:06:26

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 54695
Registry threats detected : 0
File items scanned : 12222
File threats detected : 399

Adware.Tracking Cookie
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\30EF0J9Z.txt [ /rotator.hadj7.adjuggler.net ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\HVQAQQF1.txt [ /intermundomedia.com ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\1ETI30SA.txt [ /ad.360yield.com ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\52FXWHD8.txt [ /ads.empowher.com ]
.mediaplex.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\4GC1R6ZZ.txt [ /malakmedia.com ]
.adfarm1.adition.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\4SPJQRXV.txt [ /technoratimedia.com ]
ad2.adfarm1.adition.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\QISCIAQW.txt [ /bs.serving-sys.com ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\62EOQ164.txt [ /eyewonder.com ]
.serving-sys.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\HSDWU7R8.txt [ /ads.footar.com ]
.serving-sys.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\0L814IYB.txt [ /linksynergy.com ]
.media6degrees.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\C2FYDNR7.txt [ /steelhousemedia.com ]
.media6degrees.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\MBGGS1U0.txt [ /xml.mediality.com ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\DELQNG93.txt [ /gotacha.rotator.hadj7.adjuggler.net ]
.overture.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\WHBDZEBC.txt [ /d.mediaforge.com ]
.server.cpmstar.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\8BL2EBKF.txt [ /lovecomm.rotator.hadj7.adjuggler.net ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\HMZCX8WR.txt [ /pappasgroup.rotator.hadj7.adjuggler.net ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\KYYMRFKD.txt [ /beacon.dmsinsights.com ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\R3XH3PAH.txt [ /smartadserver.com ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\WBXNSR9O.txt [ /youngbucks.rotator.hadj7.adjuggler.net ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\DRROVTI5.txt [ /ads.blogtalkradio.com ]
.statcounter.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\N4P2VGY5.txt [ /amazon-adsystem.com ]
.doubleclick.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\S34RRO93.txt [ /adinterax.com ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\XA23YVWV.txt [ /legolas-media.com ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\JIPEO5TU.txt [ /pfa.rotator.hadj7.adjuggler.net ]
.kontera.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\G90RT7Z5.txt [ /glammedia.com ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\U63025D2.txt [ /artcitymedia.com ]
.2o7.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\Users\7\AppData\Roaming\Microsoft\Windows\Cookies\XYEXPQ52.txt [ /adfarm1.adition.com ]
.estat.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\02ZIZIFR.txt [ Cookie:7@www.adf01.net/pubs/cpa/track/ ]
.solvemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ORFVIOAW.DEFAULT\COOKIES.SQLITE ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@advertising[2].txt [ Cookie:7@advertising.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@casalemedia[2].txt [ Cookie:7@casalemedia.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@adserver.adtechus[2].txt [ Cookie:7@adserver.adtechus.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@media.adfrontiers[1].txt [ Cookie:7@media.adfrontiers.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@www.googleadservices[1].txt [ Cookie:7@www.googleadservices.com/pagead/conversion/1068234471/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@pointroll[2].txt [ Cookie:7@pointroll.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@at.atwola[2].txt [ Cookie:7@at.atwola.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@fastclick[1].txt [ Cookie:7@fastclick.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@doubleclick[1].txt [ Cookie:7@doubleclick.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@ads.pointroll[1].txt [ Cookie:7@ads.pointroll.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@collective-media[1].txt [ Cookie:7@collective-media.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@pro-market[1].txt [ Cookie:7@pro-market.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@overture[1].txt [ Cookie:7@overture.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@tracking.admarketplace[1].txt [ Cookie:7@tracking.admarketplace.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@content.yieldmanager[1].txt [ Cookie:7@content.yieldmanager.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@statse.webtrendslive[2].txt [ Cookie:7@statse.webtrendslive.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@oasn04.247realmedia[1].txt [ Cookie:7@oasn04.247realmedia.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@tacoda[2].txt [ Cookie:7@tacoda.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@interclick[2].txt [ Cookie:7@interclick.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@revsci[1].txt [ Cookie:7@revsci.net/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@ad.yieldmanager[2].txt [ Cookie:7@ad.yieldmanager.com/ ]
C:\USERS\7\AppData\Roaming\Microsoft\Windows\Cookies\Low\7@apmebf[1].txt [ Cookie:7@apmebf.com/ ]
C:\USERS\7\Cookies\1GFKK3WA.txt [ Cookie:7@akamai.interclickproxy.com/ ]
C:\USERS\7\Cookies\02ZIZIFR.txt [ Cookie:7@www.adf01.net/pubs/cpa/track/ ]
C:\USERS\7\Cookies\0DKEOV67.txt [ Cookie:7@r1-ads.ace.advertising.com/ ]
C:\USERS\7\Cookies\G76EC0Z5.txt [ Cookie:7@citi.bridgetrack.com/ ]
C:\USERS\7\Cookies\T6WZK6Z5.txt [ Cookie:7@www.glammedia.com/ ]
C:\USERS\7\Cookies\P1RGTHCW.txt [ Cookie:7@advertising.com/ ]
C:\USERS\7\Cookies\M734V0KF.txt [ Cookie:7@adform.net/ ]
C:\USERS\7\Cookies\GB5WPXKY.txt [ Cookie:7@casalemedia.com/ ]
C:\USERS\7\Cookies\TBFHHVSW.txt [ Cookie:7@a1.interclick.com/ ]
C:\USERS\7\Cookies\NJKJDETR.txt [ Cookie:7@d.mediadakine.com/ ]
C:\USERS\7\Cookies\SMI6JXOO.txt [ Cookie:7@adserver.adtechus.com/ ]
C:\USERS\7\Cookies\4P0CG5U8.txt [ Cookie:7@tracking.dsmmadvantage.com/ ]
C:\USERS\7\Cookies\GUJY1BSA.txt [ Cookie:7@media.adfrontiers.com/ ]
C:\USERS\7\Cookies\U9R8KDPC.txt [ Cookie:7@adxpose.com/ ]
C:\USERS\7\Cookies\AEHR9XW1.txt [ Cookie:7@brandspotmedia.com/ ]
C:\USERS\7\Cookies\JZMMWBP5.txt [ Cookie:7@tribalfusion.com/ ]
C:\USERS\7\Cookies\2YKX2RAT.txt [ Cookie:7@aimfar.solution.weborama.fr/ ]
C:\USERS\7\Cookies\2RW3BETC.txt [ Cookie:7@purebluemedia.com/ ]
C:\USERS\7\Cookies\ZFBTDULF.txt [ Cookie:7@ru4.com/ ]
C:\USERS\7\Cookies\UG5N1852.txt [ Cookie:7@at.atwola.com/ ]
C:\USERS\7\Cookies\3LUT9M88.txt [ Cookie:7@pointroll.com/ ]
C:\USERS\7\Cookies\M9DDP44G.txt [ Cookie:7@ads.gamersmedia.com/ ]
C:\USERS\7\Cookies\G2YLIKSL.txt [ Cookie:7@mediaplex.com/ ]
C:\USERS\7\Cookies\XB8WXH9M.txt [ Cookie:7@lfstmedia.com/ ]
C:\USERS\7\Cookies\0F7LNI3Y.txt [ Cookie:7@fastclick.net/ ]
C:\USERS\7\Cookies\CV9NZMD2.txt [ Cookie:7@doubleclick.net/ ]
C:\USERS\7\Cookies\17TGE5B4.txt [ Cookie:7@collective-media.net/ ]
C:\USERS\7\Cookies\NNAMIKB2.txt [ Cookie:7@ads.pointroll.com/ ]
C:\USERS\7\Cookies\XLV381AB.txt [ Cookie:7@advertise.com/ ]
C:\USERS\7\Cookies\KYH7Q95G.txt [ Cookie:7@insightexpressai.com/ ]
C:\USERS\7\Cookies\KTAGNUIV.txt [ Cookie:7@track.adform.net/ ]
C:\USERS\7\Cookies\W6QMTPKK.txt [ Cookie:7@c.atdmt.com/ ]
C:\USERS\7\Cookies\IUFE6QAT.txt [ Cookie:7@eyeviewads.com/ ]
C:\USERS\7\Cookies\67X8NADR.txt [ Cookie:7@stat.onestat.com/ ]
C:\USERS\7\Cookies\1WNRIJHG.txt [ Cookie:7@pro-market.net/ ]
C:\USERS\7\Cookies\MTLTZ24H.txt [ Cookie:7@lucidmedia.com/ ]
C:\USERS\7\Cookies\U3AMJJIA.txt [ Cookie:7@yieldmanager.net/ ]
C:\USERS\7\Cookies\YM92T2G4.txt [ Cookie:7@dc.tremormedia.com/ ]
C:\USERS\7\Cookies\ET00MIMS.txt [ Cookie:7@r.unicornmedia.com/ ]
C:\USERS\7\Cookies\7U3OX2E3.txt [ Cookie:7@realmedia.com/ ]
C:\USERS\7\Cookies\4ZZYTUBP.txt [ Cookie:7@imrworldwide.com/cgi-bin ]
C:\USERS\7\Cookies\QE4S83F4.txt [ Cookie:7@accounts.google.com/ ]
C:\USERS\7\Cookies\ZVTM8DVT.txt [ Cookie:7@zedo.com/ ]
C:\USERS\7\Cookies\9HZ4I3EZ.txt [ Cookie:7@serving-sys.com/ ]
C:\USERS\7\Cookies\JGUKYKD8.txt [ Cookie:7@www.burstnet.com/ ]
C:\USERS\7\Cookies\N5IWP80K.txt [ Cookie:7@trafficmp.com/ ]
C:\USERS\7\Cookies\LT7E3CMC.txt [ Cookie:7@weborama.fr/ ]
C:\USERS\7\Cookies\H9QFCXDA.txt [ Cookie:7@ggpublishing.rotator.hadj7.adjuggler.net/ ]
C:\USERS\7\Cookies\19Y60FY1.txt [ Cookie:7@network.realmedia.com/ ]
C:\USERS\7\Cookies\O58OJDI5.txt [ Cookie:7@adtech.de/ ]
C:\USERS\7\Cookies\AP05CKMH.txt [ Cookie:7@statcounter.com/ ]
C:\USERS\7\Cookies\HTXSJ64P.txt [ Cookie:7@bizzclick.com/ ]
C:\USERS\7\Cookies\PMI88KSB.txt [ Cookie:7@cdn.jemamedia.com/ ]
C:\USERS\7\Cookies\W3MFAH26.txt [ Cookie:7@interclick.com/ ]
C:\USERS\7\Cookies\IW8JNCPG.txt [ Cookie:7@invitemedia.com/ ]
C:\USERS\7\Cookies\GT7TJKDF.txt [ Cookie:7@revsci.net/ ]
C:\USERS\7\Cookies\ECF4BA1Z.txt [ Cookie:7@ad.yieldmanager.com/ ]
C:\USERS\7\Cookies\DP4PU8N4.txt [ Cookie:7@apmebf.com/ ]
C:\USERS\7\Cookies\OKZIJR2W.txt [ Cookie:7@burstnet.com/ ]
C:\USERS\7\Cookies\30EF0J9Z.txt [ Cookie:7@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt155034 ]
C:\USERS\7\Cookies\4SPJQRXV.txt [ Cookie:7@technoratimedia.com/ ]
C:\USERS\7\Cookies\QISCIAQW.txt [ Cookie:7@bs.serving-sys.com/ ]
C:\USERS\7\Cookies\62EOQ164.txt [ Cookie:7@eyewonder.com/ ]
C:\USERS\7\Cookies\0L814IYB.txt [ Cookie:7@linksynergy.com/ ]
C:\USERS\7\Cookies\C2FYDNR7.txt [ Cookie:7@steelhousemedia.com/ ]
C:\USERS\7\Cookies\MBGGS1U0.txt [ Cookie:7@xml.mediality.com/ ]
C:\USERS\7\Cookies\DELQNG93.txt [ Cookie:7@gotacha.rotator.hadj7.adjuggler.net/ ]
C:\USERS\7\Cookies\HMZCX8WR.txt [ Cookie:7@pappasgroup.rotator.hadj7.adjuggler.net/ ]
C:\USERS\7\Cookies\KYYMRFKD.txt [ Cookie:7@beacon.dmsinsights.com/ ]
C:\USERS\7\Cookies\R3XH3PAH.txt [ Cookie:7@smartadserver.com/ ]
C:\USERS\7\Cookies\WBXNSR9O.txt [ Cookie:7@youngbucks.rotator.hadj7.adjuggler.net/ ]
C:\USERS\7\Cookies\N4P2VGY5.txt [ Cookie:7@amazon-adsystem.com/ ]
C:\USERS\7\Cookies\JIPEO5TU.txt [ Cookie:7@pfa.rotator.hadj7.adjuggler.net/ ]
C:\USERS\7\Cookies\XYEXPQ52.txt [ Cookie:7@adfarm1.adition.com/ ]

Trojan.Agent/Gen-Kazy[Ex]
C:\WINDOWS\TEMP\HDGFSH.EXE
C:\WINDOWS\TEMP\LVVMDDHU.EXE

Trojan.Agent/Gen-Kazy
C:\USERS\7\APPDATA\LOCAL\TEMP\A94D.TMP

Trojan.Agent/Gen-Alureon
C:\USERS\7\APPDATA\LOCAL\TEMP\B468.TMP

#7 Martin3405

Posted 06 March 2012 - 03:19 AM

And Malwarebytes... What's the next step???


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
7 :: 7-PC [administrator]

3/5/2012 11:56:52 PM
mbam-log-2012-03-05 (23-56-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200814
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IFEvuifXpHuouiv.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\IFEvuifXpHuouiv.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\IFEvuifXpHuouiv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\axuhAsyY7fZqmC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\7\AppData\Roaming\Microsoft\B04C\200F.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\C6608\5AFB0.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Temp\6B5F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\SoftwareUpdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#8 boopme

Posted 06 March 2012 - 03:21 PM

Hello, you have a rootkit, probably ZeroAccess, that needs removing.

We need a deeper look. Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Include this link back here
http://www.bleepingcomputer.com/forums/topic445072.html/page__pid__2622178#entry2622178

Let me know if that went well.

#9 Martin3405

Posted 09 March 2012 - 02:14 AM

Thank you for all of your help... below is the link to the post... I did skip the GMER scan... because I have 64x ...

http://www.bleepingcomputer.com/forums/topic445571.html

#10 jgweed

Posted 09 March 2012 - 07:18 AM

Thanks for submitting your logs to our Malware Removal Team.
Please do not post further in this thread until they have had a chance to review it and help you get rid of the malware.