I am not able to change my default search


  • This topic is locked
14 replies to this topic

#1 nicolebrady409

nicolebrady409

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 13 November 2015 - 04:19 PM

I am on Google Chrome and when I go on there and try to do a general search, it doesn't search through Google Chrome. It searches through a thing called http://go.mail.ru/. When I try to change the search engine, it says it is under http://firstsputik.ru and when I try to click on another search engine, it says that it has to be done by an administrator, but I am the only user on this computer and I am the administrator. I tried to uninstall and reinstall Google Chrome and it did not work. I deleted all programs or whatever that went with this and it still won't let me search under a normal Google search. I also tried to reboot my computer to the last significant update to delete anything else that has been added since the last update and that didn't help either. I am about to rip my hair out. Please help!!!!

Oh, I did a malware scan with Malwarebytes Anti-Malware and it deleted a bunch of stuff, but I am still not able to change my default search engine.

I did the MiniToolBox thing, JRT, AdwCleaner, and Malwarebytes Anti-Malware. I uninstalled and reinstalled Google Chrome and it still redirects me to the above page.

In the "Manage Search Providers" window, I tried to make Google my default search provider, and delete all the others (in both boxes, the upper one and the lower one). When finished, I clicked on the "Done" button and opened the "Manage Search Providers" window again, but the settings reset and firstsputnik.ru was still the default search engine after that.

Now, I was told to come to this board and run the Farbar Recovery Scan Tool (FRST). It created a log of various information on my computer so here it is.



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:49 AM

Posted 14 November 2015 - 06:21 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    GroupPolicy: Restriction - Chrome 
    CHR HKLM\SOFTWARE\Policies\Google: Restriction 
    BHO: PriceMinus -> {36769D17-572D-47F4-8FC8-71A28F3B133D} -> C:\Program Files (x86)\PriceMinus\4vXIQTIbTG5dUI.x64.dll => No File
    CHR HKLM-x32\...\Chrome\Extension: [cmelhlmlfijdeijghblopajcehjagmga] - C:\ProgramData\Browse2save\cmelhlmlfijdeijghblopajcehjagmga.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [efekkfjpiabibcjagddkjabpcljgdlal] - C:\ProgramData\Browse2save\efekkfjpiabibcjagddkjabpcljgdlal.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [llfoneglgecgbaemnmnknbdonenfbomp] - C:\ProgramData\Browse2save\llfoneglgecgbaemnmnknbdonenfbomp.crx <not found>
    S0 lxshaor; System32\drivers\kglxg.sys [X]
    Task: {3D0F9ED2-06AB-49F6-8EFD-5B190263818B} - \Adobe Flash Player Updater -> No File 
    Task: {65F0FC97-1097-42E0-9677-78C4C01519B9} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File 
    Task: {C0E1F3C3-B2C2-4982-9671-2F34C276F170} - System32\Tasks\4810 => Wscript.exe C:\Users\JUNEKI~1\AppData\Local\Temp\launchie.vbs //B 
    CreateRestorePoint:
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Does the issue still persist?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 nicolebrady409


Posted 15 November 2015 - 01:36 AM

I will work on it tonight and send you the results tomorrow.  Thank you!  :)



#4 deeprybka


Posted 15 November 2015 - 03:29 AM

OK. :)


regards,
deeprybka

#5 nicolebrady409


Posted 15 November 2015 - 12:59 PM

Hi Jurgen,

 

Here is the report:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by June Kim (2015-11-15 01:27:50) Run:2
Running from C:\Users\June Kim\Desktop
Loaded Profiles: June Kim (Available Profiles: UpdatusUser & June Kim & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
BHO: PriceMinus -> {36769D17-572D-47F4-8FC8-71A28F3B133D} -> C:\Program Files (x86)\PriceMinus\4vXIQTIbTG5dUI.x64.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [cmelhlmlfijdeijghblopajcehjagmga] - C:\ProgramData\Browse2save\cmelhlmlfijdeijghblopajcehjagmga.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efekkfjpiabibcjagddkjabpcljgdlal] - C:\ProgramData\Browse2save\efekkfjpiabibcjagddkjabpcljgdlal.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [llfoneglgecgbaemnmnknbdonenfbomp] - C:\ProgramData\Browse2save\llfoneglgecgbaemnmnknbdonenfbomp.crx <not found>
S0 lxshaor; System32\drivers\kglxg.sys [X]
Task: {3D0F9ED2-06AB-49F6-8EFD-5B190263818B} - \Adobe Flash Player Updater -> No File
Task: {65F0FC97-1097-42E0-9677-78C4C01519B9} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File
Task: {C0E1F3C3-B2C2-4982-9671-2F34C276F170} - System32\Tasks\4810 => Wscript.exe C:\Users\JUNEKI~1\AppData\Local\Temp\launchie.vbs //B
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36769D17-572D-47F4-8FC8-71A28F3B133D} => key not found.
HKCR\CLSID\{36769D17-572D-47F4-8FC8-71A28F3B133D} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cmelhlmlfijdeijghblopajcehjagmga => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efekkfjpiabibcjagddkjabpcljgdlal => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\llfoneglgecgbaemnmnknbdonenfbomp => key not found.
lxshaor => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0F9ED2-06AB-49F6-8EFD-5B190263818B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65F0FC97-1097-42E0-9677-78C4C01519B9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0E1F3C3-B2C2-4982-9671-2F34C276F170} => key not found.
C:\Windows\System32\Tasks\4810 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4810 => key not found.
Restore point was successfully created.
EmptyTemp: => 5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 02:06:30 ====

 

The issue is now fixed!  Thank you so much.  I was also able to go into my settings and delete that website as a possible search engine.  Thank you so much!  :)
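
A small triage helper for the Fixlog format shown in the post above, as an added example that is not part of the original thread or of FRST. It skips the echoed fixlist block (whose lines also contain `=>`) and reports whether each targeted item was changed by this run or was already absent; the function names and outcome keywords are assumptions based only on the lines visible in this log.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog posted above, embedded as sample input.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by June Kim (2015-11-15 01:27:50) Run:2
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction
BHO: PriceMinus -> {36769D17-572D-47F4-8FC8-71A28F3B133D} -> C:\Program Files (x86)\PriceMinus\4vXIQTIbTG5dUI.x64.dll => No File
S0 lxshaor; System32\drivers\kglxg.sys [X]
EmptyTemp:
*****************

Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKCR\CLSID\{36769D17-572D-47F4-8FC8-71A28F3B133D} => key not found.
lxshaor => service not found.
C:\Windows\System32\Tasks\4810 => not found.
Restore point was successfully created.
EmptyTemp: => 5 GB temporary data Removed.

==== End of Fixlog 02:06:30 ====
'''

RUN_RE = re.compile(r"\bRun:(\d+)")
FENCE_RE = re.compile(r"^\*{5,}$")  # row of asterisks around the echoed fixlist
ABSENT_RE = re.compile(r"\bnot found\.?$", re.IGNORECASE)
# Assumption: outcomes that changed something mention one of these words,
# as "Removed" and "successfully" do in the log above.
CHANGED_RE = re.compile(r"removed|successfully", re.IGNORECASE)


def classify(outcome):
    """Map the text after '=>' to 'absent', 'changed' or 'other'."""
    if ABSENT_RE.search(outcome):
        return "absent"
    if CHANGED_RE.search(outcome):
        return "changed"
    return "other"


def parse_fixlog(text):
    """Return (run_number, [(target, status), ...]) for the result lines."""
    run = None
    in_fixlist = False
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if run is None:
            match = RUN_RE.search(line)
            if match:
                run = int(match.group(1))
        if FENCE_RE.match(line):
            # Toggle on the opening fence, off on the closing one.
            in_fixlist = not in_fixlist
            continue
        # The echoed fixlist repeats scan lines such as "... => No File";
        # those are instructions, not results, so they are skipped.
        if in_fixlist or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        results.append((target.strip('"'), classify(outcome)))
    return run, results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for _, status in results)


def already_absent(results):
    """True when every targeted item (directives such as 'EmptyTemp:'
    excluded) was reported as not found, i.e. this run removed nothing."""
    statuses = [s for target, s in results if not target.endswith(":")]
    return bool(statuses) and all(s == "absent" for s in statuses)


if __name__ == "__main__":
    run, results = parse_fixlog(SAMPLE_FIXLOG)
    print(f"Run {run}: {dict(summarize(results))}")
    if already_absent(results):
        print("Every targeted item was already gone when this run executed.")
```
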



#6 nicolebrady409


Posted 15 November 2015 - 01:00 PM

Do I still need the FRST64 program and the logs? 



#7 deeprybka


Posted 15 November 2015 - 01:04 PM

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



regards,
deeprybka

#8 nicolebrady409


Posted 15 November 2015 - 01:51 PM

This computer was given to me by my school and they have Avast antivirus, and I cannot temporarily disable it. The school has a password that they put in to disable it and I don't have that password.



#9 deeprybka


Posted 15 November 2015 - 01:53 PM

Please run HitmanPro anyway.


regards,
deeprybka

#10 nicolebrady409


Posted 15 November 2015 - 02:33 PM

OK. I will, and I'll let you know what it says.



#11 nicolebrady409


Posted 15 November 2015 - 02:57 PM

Here is the log
 
HitmanPro 3.7.10.251
www.hitmanpro.com
 
   Computer name . . . . : P14JUNEKIM
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : P14JuneKim\June Kim
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-11-15 11:38:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 271
 
   Objects scanned . . . : 2,072,350
   Files scanned . . . . : 64,635
   Remnants scanned  . . : 497,713 files / 1,510,002 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\June Kim\Desktop\FRST64.exe
      Size . . . . . . . : 2,198,528 bytes
      Age  . . . . . . . : 1.9 days (2015-11-13 12:51:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6E8BF313C850728328088C2DC10FB5369B9C938F71F58EC7EB8D51374EB1CA51
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2489304777-3502256366-581554633-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\June Kim\Desktop\FRST64.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\Users\June Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Media Player\ (FLV Player)
   C:\Users\June Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Media Player\Uninstall FoxTab Media Player.lnk (FLV Player)
   HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}\ (YahooToolbar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASAPI32\ (DriverRestore)
   HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASMANCS\ (DriverRestore)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02DECAB759E2FA94AB13703EA9908B73\ (WeCareReminder)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30\ (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}\ (IQIYI)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B9604EE-B104-45C8-8551-5F63BA631E23}\ (WeatherBug)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1001\Software\AppDataLow\Software\Freecause\ (DogpileToolbar)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1001\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1001\Software\AppDataLow\Software\Yahoo\Companion\ (YahooToolbar)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1002\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKU\S-1-5-21-2489304777-3502256366-581554633-1002_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
 
Cookies _____________________________________________________________________
 
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:delivery.swid.switchads.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:demdex.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:dotomi.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:doubleclick.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:dpm.demdex.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:everesttech.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:eyereturn.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:eyeviewads.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:fastclick.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:flashtalking.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:genieessp.jp
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:genieesspv.jp
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:go.sonobi.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:gssprt.jp
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:gwallet.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:href.asia
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:ib.mookie1.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:ih.adscale.de
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:imrworldwide.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:kau.li
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:krxd.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:legolas-media.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:lijit.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:liverail.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:match.rundsp.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:mathtag.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:media6degrees.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:mediaplex.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:mookie1.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:mxptint.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:nexac.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:openx.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:optimatic.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:owneriq.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:ox-d.slickdeals.servedbyopenx.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:pixel.rubiconproject.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:pixel.sitescout.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:pointroll.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:pubmatic.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:questionmarket.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:revsci.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:rfihub.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:rhythmxchange.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:rlcdn.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:rs.gwallet.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:ru4.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:rubiconproject.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:scorecardresearch.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:serving-sys.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:simpli.fi
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:sitescout.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:skimresources.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:slickdeals.tt.omtrdc.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:smartadserver.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:sxp.smartclip.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:taboola.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tap2-cdn.rubiconproject.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tapad.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tidaltv.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:trc.taboola.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tremorhub.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tribalfusion.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:tubemogul.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:turn.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:twc.demdex.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:univide.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:vindicosuite.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:vizu.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:w55c.net
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:wtp101.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:www.burstnet.com
   C:\Users\June Kim\AppData\Roaming\Mozilla\Firefox\Profiles\5c8sh1v4.default\cookies.sqlite:www.wtp101.com
 
 


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:49 AM

Posted 15 November 2015 - 03:16 PM

No active malware has been found, so we're done. :)



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 nicolebrady409

nicolebrady409
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 15 November 2015 - 03:44 PM

I just want to say, "WOW!!"  Thank you guys so much!!  You guys have helped me so much!!  :)



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:49 AM

Posted 16 November 2015 - 02:56 AM

You are welcome. Take care.
regards,
deeprybka

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:49 AM

Posted 16 November 2015 - 02:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



