Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Infected Laptop!


  • Please log in to reply
11 replies to this topic

#1 jimmykemble

jimmykemble

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 March 2012 - 04:50 AM

i think my computer is infected with something! what, i don't know. i'm getting redirected to random websites, usually yellowpages.com or gimmeanswers.org or "www.daytonabeach.com/whattosee.cfm/mode/golfing" when i click on certain search result links from google. it doesn't happen all the time and not with all the search result links, but it happens enough. i have avast! antivirus and ad-aware. i ran full scans on both. ad-aware found nothing and avast found 2 infected files, "mor.exe" and "0.3224601495166588" both from my "temp" files. i moved them to the virus chest, ran a boot-time scan, and i figured that would solve the problem. but it didn't. the problem persists. please help! i'm reading that i should run combofix...?

ADDENDUM: i'm on windows 7 and i use firefox. also, i installed tdsskiller, did a scan, and it found nothing. i then installed malwarebytes anti-malware, did a scan, and it found 3 infected objects. i "checked all" and deleted them (log below). it had me restart my computer. i did it right away. however, the redirecting problem still did not go away!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kemble :: KEMBLE-PC [administrator]

3/18/2012 3:19:36 AM
mbam-log-2012-03-18 (03-19-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233405
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Kemble\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\hmlxkn.dll (Trojan.Agent.GMAGen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Users\Kemble\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\hmlxkn.dll",DllRegisterServer -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kemble\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\hmlxkn.dll (Trojan.Agent.GMAGen) -> Delete on reboot.

(end)

Edited by jimmykemble, 18 March 2012 - 05:47 AM.


BC AdBot (Login to Remove)

 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 18 March 2012 - 10:17 AM

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

================================================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

================================================================================

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
================================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 jimmykemble

jimmykemble
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 March 2012 - 06:26 PM

hi theshooter93,

thanks for replying. i have performed all your suggested scans and the redirecting problem still persists. ugh! my latest test search redirected me to "www.happili.com" and gave me this message: "Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/happili.com/php/comm_includes/mysql.php on line 5"

please advise!

here are the results from the scans:


Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

================================================================================================================================================================

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kemble (administrator) on 18-03-2012 at 13:45:38
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kemble-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4E-5D-60-63-D8-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter
Physical Address. . . . . . . . . : 20-CF-30-D3-0E-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : rr.com
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 48-5D-60-63-D8-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::64d0:32f6:746f:52da%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 18, 2012 3:29:58 AM
Lease Expires . . . . . . . . . . : Monday, March 19, 2012 1:35:18 PM
Default Gateway . . . . . . . . . : 10.0.1.1
DHCP Server . . . . . . . . . . . : 10.0.1.1
DHCPv6 IAID . . . . . . . . . . . : 239623520
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-74-E2-A3-48-5D-60-63-D8-DF
DNS Servers . . . . . . . . . . . : 10.0.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{64A79658-87D4-4547-B474-8FF7E03C06BA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3893:4e3d:b3a8:9e7d(Preferred)
Link-local IPv6 Address . . . . . : fe80::3893:4e3d:b3a8:9e7d%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{F2596662-DF2D-40BC-AB27-4937AC2BE388}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.0.1.1

Name: google.com
Addresses: 74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164
74.125.224.165
74.125.224.166


Pinging google.com [74.125.224.167] with 32 bytes of data:
Reply from 74.125.224.167: bytes=32 time=29ms TTL=54
Reply from 74.125.224.167: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.224.167:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 29ms, Average = 22ms
Server: UnKnown
Address: 10.0.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=146ms TTL=47
Reply from 98.139.183.24: bytes=32 time=238ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 238ms, Average = 192ms
Server: UnKnown
Address: 10.0.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...4e 5d 60 63 d8 df ......Microsoft Virtual WiFi Miniport Adapter
11...20 cf 30 d3 0e eb ......JMicron PCI Express Gigabit Ethernet Adapter
10...48 5d 60 63 d8 df ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.4 25
10.0.1.0 255.255.255.0 On-link 10.0.1.4 281
10.0.1.4 255.255.255.255 On-link 10.0.1.4 281
10.0.1.255 255.255.255.255 On-link 10.0.1.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:3893:4e3d:b3a8:9e7d/128
On-link
10 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3893:4e3d:b3a8:9e7d/128
On-link
10 281 fe80::64d0:32f6:746f:52da/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/17/2012 04:25:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2402

Error: (03/17/2012 04:25:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2402

Error: (03/17/2012 04:25:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2012 00:59:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36699765

Error: (03/16/2012 00:59:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36699765

Error: (03/16/2012 00:59:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2012 00:59:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36698767

Error: (03/16/2012 00:59:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36698767

Error: (03/16/2012 00:59:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2012 00:59:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36697768


System errors:
=============
Error: (03/18/2012 03:30:43 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/18/2012 03:30:43 AM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/966273569/

Error: (03/18/2012 03:30:43 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/18/2012 03:30:43 AM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/966273569/

Error: (03/17/2012 10:05:45 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/17/2012 10:05:45 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/966273569/

Error: (03/17/2012 10:05:45 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/17/2012 10:05:45 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/966273569/

Error: (03/17/2012 10:04:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.

Error: (03/17/2012 10:03:46 PM) (Source: Service Control Manager) (User: )
Description: The Bing Bar Update Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Ad-Aware (Version: 9.5.0)
Ad-Aware (Version: 9.6.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader 9.5.0 MUI (Version: 9.5.0)
AI TouchMedia (Version: 6.0.3512)
Akamai NetSession Interface
Alice Greenfingers
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.10)
ASUS Data Security Manager (Version: 1.00.0014)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.9)
ASUS MultiFrame (Version: 1.0.0021)
ASUS Power4Gear Hybrid (Version: 1.1.40)
ASUS SmartLogon (Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS Video Magic (Version: 6.0.4015)
ASUS Virtual Camera (Version: 1.0.20)
ATI AVIVO64 Codecs (Version: 11.6.0.50811)
ATI Catalyst Install Manager (Version: 3.0.790.0)
ATK Package (Version: 1.0.0006)
Bing Bar (Version: 7.0.850.0)
Boingo Wi-Fi (Version: 1.7.0048)
Bonjour (Version: 3.0.0.10)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.1.0.2)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.0.8)
Canon Personal Printing Guide (Version: 1.1.0.2)
Canon Utilities Movie Uploader for YouTube (Version: 1.0.0.11)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.5.0.14)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0811.2122.36462)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0811.2122.36462)
Catalyst Control Center InstallProxy (Version: 2010.0811.2122.36462)
Catalyst Control Center Localization All (Version: 2010.0811.2122.36462)
ccc-core-static (Version: 2010.0811.2122.36462)
ccc-utility64 (Version: 2010.0811.2122.36462)
CCC Help Chinese Standard (Version: 2010.0811.2121.36462)
CCC Help Chinese Traditional (Version: 2010.0811.2121.36462)
CCC Help Czech (Version: 2010.0811.2121.36462)
CCC Help Danish (Version: 2010.0811.2121.36462)
CCC Help Dutch (Version: 2010.0811.2121.36462)
CCC Help English (Version: 2010.0811.2121.36462)
CCC Help Finnish (Version: 2010.0811.2121.36462)
CCC Help French (Version: 2010.0811.2121.36462)
CCC Help German (Version: 2010.0811.2121.36462)
CCC Help Greek (Version: 2010.0811.2121.36462)
CCC Help Hungarian (Version: 2010.0811.2121.36462)
CCC Help Italian (Version: 2010.0811.2121.36462)
CCC Help Japanese (Version: 2010.0811.2121.36462)
CCC Help Korean (Version: 2010.0811.2121.36462)
CCC Help Norwegian (Version: 2010.0811.2121.36462)
CCC Help Polish (Version: 2010.0811.2121.36462)
CCC Help Portuguese (Version: 2010.0811.2121.36462)
CCC Help Russian (Version: 2010.0811.2121.36462)
CCC Help Spanish (Version: 2010.0811.2121.36462)
CCC Help Swedish (Version: 2010.0811.2121.36462)
CCC Help Thai (Version: 2010.0811.2121.36462)
CCC Help Turkish (Version: 2010.0811.2121.36462)
Chicken Invaders 2
Conexant HD Audio (Version: 4.127.0.61)
ControlDeck (Version: 1.0.8)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink MediaShow Espresso (Version: 5.0.1606_25588)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDirector (Version: 8.0.2609a)
CyberLink PowerDVD 9 (Version: 9.0.3009.50)
Dream Day Wedding Married in Manhattan
ETDWare PS/2-x64 7.0.5.11_WHQL (Version: 7.0.5.11)
Fast Boot (Version: 1.0.6)
Game Park Console (Version: 6.2.0.2)
Google Chrome (Version: 17.0.963.79)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.99)
HP Color LaserJet 2600 series
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Turbo Boost Technology Monitor (Version: 1.0.115.11)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JMicron Ethernet Adapter NDIS Driver (Version: 6.0.17.1)
JMicron Flash Media Controller Driver (Version: 1.0.33.2)
Junk Mail filter update (Version: 14.0.8117.416)
K_Series_ScreenSaver_EN
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Picasa 3 (Version: 3.8)
Piggly FREE
QuickTime (Version: 7.69.80.9)
Smileyville FREE
syncables desktop SE (Version: 5.5.615.9518)
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC VGA WebCam (Version: 5.8.54000.207)
WD SmartWare (Version: 1.2.0.8)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinFlash (Version: 2.30.3)
Wireless Console 3 (Version: 3.0.17)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 4020.51 MB
Available physical RAM: 1942.54 MB
Total Pagefile: 8039.21 MB
Available Pagefile: 5142.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.82 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:65.8 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:329.79 GB) (Free:309.14 GB) NTFS

========================= Users: ========================================

User accounts for \\KEMBLE-PC

Administrator Guest Kemble
Work


**** End of log ****

================================================================================================================================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/18/2012 at 03:01 PM

Application Version : 5.0.1146

Core Rules Database Version : 8347
Trace Rules Database Version: 6159

Scan type : Complete Scan
Total Scan Time : 01:05:14

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 773
Memory threats detected : 0
Registry items scanned : 67042
Registry threats detected : 0
File items scanned : 71531
File threats detected : 270

Adware.Tracking Cookie
C:\Users\Kemble\AppData\Roaming\Microsoft\Windows\Cookies\kemble@invitemedia[2].txt [ /invitemedia ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@indieclick[2].txt [ Cookie:kemble@indieclick.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\48CQA8SJ.txt [ Cookie:kemble@accounts.google.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@content.yieldmanager[1].txt [ Cookie:kemble@content.yieldmanager.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@specificmedia[1].txt [ Cookie:kemble@specificmedia.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@ticketcity[2].txt [ Cookie:kemble@ticketcity.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@yieldmanager[1].txt [ Cookie:kemble@yieldmanager.net/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9PMZ5175.txt [ Cookie:kemble@media6degrees.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IF2LVSN0.txt [ Cookie:kemble@invitemedia.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2E75I0PM.txt [ Cookie:kemble@at.atwola.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@revsci[1].txt [ Cookie:kemble@revsci.net/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@interclick[2].txt [ Cookie:kemble@interclick.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TM09BZ4X.txt [ Cookie:kemble@tacoda.at.atwola.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@ar.atwola[1].txt [ Cookie:kemble@ar.atwola.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@imrworldwide[2].txt [ Cookie:kemble@imrworldwide.com/cgi-bin ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\kemble@optimize.indieclick[1].txt [ Cookie:kemble@optimize.indieclick.com/ ]
C:\USERS\KEMBLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\N0U190BJ.txt [ Cookie:kemble@google.com/accounts/ ]
C:\USERS\KEMBLE\Cookies\kemble@invitemedia[2].txt [ Cookie:kemble@invitemedia.com/ ]
C:\USERS\WORK\AppData\Roaming\Microsoft\Windows\Cookies\Low\4XHA51VD.txt [ Cookie:work@accounts.google.com/ ]
C:\USERS\WORK\AppData\Roaming\Microsoft\Windows\Cookies\Low\UPH8S36S.txt [ Cookie:work@revsci.net/ ]
C:\USERS\WORK\AppData\Roaming\Microsoft\Windows\Cookies\Low\76VA1EJ7.txt [ Cookie:work@google.com/accounts/ ]
C:\USERS\WORK\AppData\Roaming\Microsoft\Windows\Cookies\Low\299PP71W.txt [ Cookie:work@imrworldwide.com/cgi-bin ]
.imrworldwide.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viewablemedia.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counters.gigya.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.ziporn.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ziporn.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ziporn.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xxxbunker.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xxxbunker.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ziporn.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpansion.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xxxbunker.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xxxbunker.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xxxbunker.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediacareers.about.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.timeinc.122.2o7.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rtst.122.2o7.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.akamai.interclickproxy.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\KEMBLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.ads2.msads.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
ad.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
ads2.msads.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
adsatt.espn.go.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
aws-cdn.hottopicmedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
banners.securedataimages.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
cdn.complexmedianetwork.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
cdn.eyewonder.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
cdn.media.abc.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
cdn.tremormedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
content.oddcast.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
content.yieldmanager.edgesuite.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
convoad.technoratimedia.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
core.insightexpressai.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
crackle.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
data-ero-advertising.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
dcl.wdpromedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
dlr1.wdpromedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
ds.serving-sys.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
files.youporn.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
i.adultswim.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
ia.media-imdb.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
macromedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.kyte.tv [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.mtvnservices.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.nbclosangeles.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.noob.us [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.npr.org [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.socialvibe.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.subwayfreshbuzz.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media.whosay.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media1.break.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media1.nfb.ca [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media10.washingtonpost.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media2.onsugar.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
media34.onsugar.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
msnbcmedia.msn.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
objects.tremormedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
s0.2mdn.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
secure-uk.imrworldwide.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
secure-us.imrworldwide.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
serving-sys.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
sftrack.searchforce.net [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
spe.atdmt.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
speed.pointroll.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
static.discoverymedia.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
videos.mediaite.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
www.naiadsystems.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
www.pornhub.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
www.pornstarclub.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
www.ziporn.com [ C:\USERS\KEMBLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L94LDUQ8 ]
ad.insightexpressai.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]
ia.media-imdb.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]
media.ign.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]
media.mtvnservices.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]
objects.tremormedia.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]
secure-us.imrworldwide.com [ C:\USERS\WORK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W6ZBMZQD ]

================================================================================================================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-18 16:00:19
Windows 6.1.7601 Service Pack 1
Running: q54gqhs3.exe


---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 18 March 2012 - 07:22 PM

I see that you have µTorrent installed. Programs like this are an invitation for viruses and malware. We can help clean your computer, but it's only a matter of time until you become infected again if you use this program.

If you want to keep it, just do not use it during the removal process or my work would be for nothing.

---------------------------------------------------

How is the computer behaving now?

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 jimmykemble

jimmykemble
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 March 2012 - 08:40 PM

ok, i totally understand. i don't have to use utorrent.

my computer seems to be ok now. yay! the redirecting problem seems to have gone away.

did you do something already to clean my computer and fix the problem? and if so, may i ask what you did?

#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 18 March 2012 - 09:20 PM

Glad to hear it's working now. :thumbup2:

The SuperantiSpyware scan is what removed the infection from your computer.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 jimmykemble

jimmykemble
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 March 2012 - 09:47 PM

well, that seemed to be short-lived. *sigh* the redirecting problem is back. i was doing a google search and the link redirected me to www.gimmeanswers.org. on another search, the link redirected me to www.askthecrew.net.

what should i do now?

#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 18 March 2012 - 09:48 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 jimmykemble

jimmykemble
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 20 March 2012 - 05:29 PM

i have just completed the steps from the preparation guide and posted my topic.

#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 20 March 2012 - 05:31 PM

Good luck. :thumbup2:

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#11 jimmykemble

jimmykemble
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 27 March 2012 - 08:33 PM

my redirecting issue has been fixed and resolved. you guys were very helpful!

here's the link to my thread in the malware removal forum: http://www.bleepingcomputer.com/forums/topic446995.html

:thumbsup:

#12 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:43 PM

Posted 27 March 2012 - 08:41 PM

Congrats. :thumbup2:

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users