Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: 1 2 [3]  All   Go Down

Author Topic: Trojan.ransom  (Read 32918 times)

0 Members and 1 Guest are viewing this topic.

MP1975

    Topic Starter


    Apprentice
    Re: Trojan.ransom
    « Reply #30 on: September 13, 2012, 08:13:51 PM »
    # AdwCleaner v2.001 - Logfile created 09/13/2012 at 22:11:56
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : MP - MP-PC
    # Boot Mode : Normal
    # Running from : C:\Users\MP\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Browser Manager

    ***** [Files / Folders] *****

    Logged
    Dream untill your dreams come true.

    SuperDave

    • Malware Removal Specialist
    • Moderator


      • Genius
      • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Trojan.ransom
    « Reply #31 on: September 14, 2012, 04:52:08 PM »
    Re-run MBAM:

    Code:
    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..

    ***********************************************
    Please download MiniToolBox to Desktop and run it.



    Checkmark the following boxes:

      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • List content of Hosts
      • List IP Configuration
      • Lst Last 10 Event Viewer Errors
      • List Users, Partitions and Memory Size
        • [/b]
      Click Go and copy/paste the log (Result.txt) into your next post.

      Please tell me if you're still having problems.
      Logged
      Windows 8 and Windows 10 dual boot with two SSD's

      MP1975

        Topic Starter


        Apprentice
        Re: Trojan.ransom
        « Reply #32 on: September 14, 2012, 05:09:03 PM »
        Dave,

        Here are the two logs. That's just it I'm not having any problems EXCEPT that *censored* pop up when I either open facebook or my yahoo. If it didn't become
        annoying I would have never even looked it up to find out it's a threat. Very strange noting has picked it up.


        Malwarebytes Anti-Malware 1.65.0.1400
        www.malwarebytes.org

        Database version: v2012.09.14.07

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 9.0.8112.16421
        MP :: MP-PC [administrator]

        9/14/2012 6:59:23 PM
        mbam-log-2012-09-14 (18-59-23).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 208342
        Time elapsed: 3 minute(s), 14 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)


        MiniToolBox by Farbar  Version: 23-07-2012
        Ran by MP (administrator) on 14-09-2012 at 19:05:54
        Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
        Boot Mode: Normal
        ***************************************************************************

        ========================= Flush DNS: ===================================

        Windows IP Configuration

        Successfully flushed the DNS Resolver Cache.

        ========================= IE Proxy Settings: ==============================

        Proxy is not enabled.
        No Proxy Server is set.

        "Reset IE Proxy Settings": IE Proxy Settings were reset.
        ========================= Hosts content: =================================

        127.0.0.1       localhost

        ========================= IP Configuration: ================================

        Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
        Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


        # ----------------------------------
        # IPv4 Configuration
        # ----------------------------------
        pushd interface ipv4

        reset
        set global


        popd
        # End of IPv4 configuration



        Windows IP Configuration

           Host Name . . . . . . . . . . . . : MP-PC
           Primary Dns Suffix  . . . . . . . :
           Node Type . . . . . . . . . . . . : Hybrid
           IP Routing Enabled. . . . . . . . : No
           WINS Proxy Enabled. . . . . . . . : No
           DNS Suffix Search List. . . . . . : home

        Wireless LAN adapter Wireless Network Connection 2:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
           Physical Address. . . . . . . . . : 0C-60-76-7F-C2-5D
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Wireless LAN adapter Wireless Network Connection:

           Connection-specific DNS Suffix  . : home
           Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
           Physical Address. . . . . . . . . : 0C-60-76-7F-C2-5D
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           Link-local IPv6 Address . . . . . : fe80::182a:5f32:32fb:a1bd%12(Preferred)
           IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
           Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Lease Obtained. . . . . . . . . . : Wednesday, September 12, 2012 11:34:40 AM
           Lease Expires . . . . . . . . . . : Saturday, September 15, 2012 1:44:02 PM
           Default Gateway . . . . . . . . . : 192.168.1.1
           DHCP Server . . . . . . . . . . . : 192.168.1.1
           DHCPv6 IAID . . . . . . . . . . . : 319578230
           DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-25-58-03-00-26-9E-41-3A-86
           DNS Servers . . . . . . . . . . . : 192.168.1.1
           NetBIOS over Tcpip. . . . . . . . : Enabled

        Tunnel adapter 6TO4 Adapter:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft 6to4 Adapter
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter isatap.home:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . : home
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter Local Area Connection* 16:

           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes
           IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c23:2323:3f57:fefb(Preferred)
           Link-local IPv6 Address . . . . . : fe80::3c23:2323:3f57:fefb%23(Preferred)
           Default Gateway . . . . . . . . . : ::
           NetBIOS over Tcpip. . . . . . . . : Disabled
        Server:  Wireless_Broadband_Router.home
        Address:  192.168.1.1

        Name:    google.com
        Addresses:  2607:f8b0:4006:800::1001
             74.125.226.201
             74.125.226.192
             74.125.226.206
             74.125.226.197
             74.125.226.194
             74.125.226.198
             74.125.226.196
             74.125.226.200
             74.125.226.199
             74.125.226.195
             74.125.226.193


        Pinging google.com [74.125.226.199] with 32 bytes of data:
        Reply from 74.125.226.199: bytes=32 time=9ms TTL=252
        Reply from 74.125.226.199: bytes=32 time=12ms TTL=251

        Ping statistics for 74.125.226.199:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 9ms, Maximum = 12ms, Average = 10ms
        Server:  Wireless_Broadband_Router.home
        Address:  192.168.1.1

        Name:    yahoo.com
        Addresses:  98.138.253.109
             72.30.38.140
             98.139.183.24


        Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
        Reply from 72.30.38.140: bytes=32 time=764ms TTL=249
        Reply from 72.30.38.140: bytes=32 time=796ms TTL=249

        Ping statistics for 72.30.38.140:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 764ms, Maximum = 796ms, Average = 780ms
        Server:  Wireless_Broadband_Router.home
        Address:  192.168.1.1

        Name:    bleepingcomputer.com
        Address:  208.43.87.2


        Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
        Reply from 208.43.87.2: Destination host unreachable.
        Reply from 208.43.87.2: Destination host unreachable.

        Ping statistics for 208.43.87.2:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

        Pinging 127.0.0.1 with 32 bytes of data:
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

        Ping statistics for 127.0.0.1:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 0ms, Maximum = 0ms, Average = 0ms
        ===========================================================================
        Interface List
         13...0c 60 76 7f c2 5d ......Microsoft Virtual WiFi Miniport Adapter
         12...0c 60 76 7f c2 5d ......Broadcom 802.11b/g WLAN
          1...........................Software Loopback Interface 1
         11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
         26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
         23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
        ===========================================================================

        IPv4 Route Table
        ===========================================================================
        Active Routes:
        Network Destination        Netmask          Gateway       Interface  Metric
                  0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
                127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
          127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
              192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
              192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
            192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
                224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
          255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
        ===========================================================================
        Persistent Routes:
          None

        IPv6 Route Table
        ===========================================================================
        Active Routes:
         If Metric Network Destination      Gateway
         23     58 ::/0                     On-link
          1    306 ::1/128                  On-link
         23     58 2001::/32                On-link
         23    306 2001:0:9d38:953c:3c23:2323:3f57:fefb/128
                                            On-link
         12    281 fe80::/64                On-link
         23    306 fe80::/64                On-link
         12    281 fe80::182a:5f32:32fb:a1bd/128
                                            On-link
         23    306 fe80::3c23:2323:3f57:fefb/128
                                            On-link
          1    306 ff00::/8                 On-link
         23    306 ff00::/8                 On-link
         12    281 ff00::/8                 On-link
        ===========================================================================
        Persistent Routes:
          None

        ========================= Event log errors: ===============================

        Application errors:
        ==================
        Error: (09/12/2012 00:33:40 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
        The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

        Error: (09/12/2012 00:32:39 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (09/12/2012 00:32:38 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
        The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBE R_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

        Error: (09/11/2012 00:33:36 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (09/11/2012 00:32:44 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
        The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

        Error: (09/11/2012 00:31:45 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (09/11/2012 00:31:43 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
        The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBE R_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

        Error: (09/10/2012 10:33:27 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
        Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as an administrator and then retry this installation.

        Error: (09/10/2012 10:25:16 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
        Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as an administrator and then retry this installation.

        Error: (09/10/2012 10:24:55 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
        Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as an administrator and then retry this installation.


        System errors:
        =============
        Error: (09/12/2012 11:33:58 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/12/2012 03:18:18 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/11/2012 04:46:05 PM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/11/2012 04:46:33 PM) (Source: EventLog) (User: )
        Description: The previous system shutdown at 4:44:36 PM on ?9/?11/?2012 was unexpected.

        Error: (09/11/2012 09:51:17 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/10/2012 00:18:42 PM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/10/2012 11:43:01 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/10/2012 11:39:31 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/10/2012 10:49:11 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.

        Error: (09/10/2012 10:37:57 AM) (Source: Application Popup) (User: )
        Description: Driver DLACDBHE.SYS has been blocked from loading.


        Microsoft Office Sessions:
        =========================

        ========================= Memory info: ===================================

        Percentage of memory in use: 39%
        Total physical RAM: 8095.19 MB
        Available physical RAM: 4933.71 MB
        Total Pagefile: 16188.57 MB
        Available Pagefile: 13082.54 MB
        Total Virtual: 4095.88 MB
        Available Virtual: 3967.73 MB

        ========================= Partitions: =====================================

        1 Drive c: () (Fixed) (Total:219.97 GB) (Free:93.3 GB) NTFS
        2 Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.12 GB) NTFS
        3 Drive e: (Sep 09 2012) (CDROM) (Total:0.69 GB) (Free:0.44 GB) UDF

        ========================= Users: ========================================

        User accounts for \\MP-PC

        Administrator            Guest                    MP                       


        **** End of log ****

        Logged
        Dream untill your dreams come true.

        SuperDave

        • Malware Removal Specialist
        • Moderator


          • Genius
          • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Trojan.ransom
        « Reply #33 on: September 15, 2012, 01:14:04 PM »
        Could you please run AdwCleaner again and post the log.

        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!

        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.

        •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:

        •Close browsers before scanning
        •Scan for tracking cookies
        •Terminate memory threats before quarantining
        Please leave the others unchecked

        •Click the Close button to leave the control center screen.

        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes

        •To retrieve the removal information please do the following:
        •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        •Click Preferences. Click the Statistics/Logs tab.

        •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

        •It will open in your default text editor (preferably Notepad).
        •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        *Copy and Paste the log in your post.
        Logged
        Windows 8 and Windows 10 dual boot with two SSD's

        MP1975

          Topic Starter


          Apprentice
          Re: Trojan.ransom
          « Reply #34 on: September 16, 2012, 10:04:30 AM »
          # AdwCleaner v2.001 - Logfile created 09/16/2012 at 10:53:34
          # Updated 09/09/2012 by Xplode
          # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
          # User : MP - MP-PC
          # Boot Mode : Normal
          # Running from : C:\Users\MP\Downloads\adwcleaner.exe
          # Option [Search]


          ***** [Services] *****


          ***** [Files / Folders] *****


          ***** [Registry] *****

          Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
          Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
          Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
          Key Found : HKCU\Software\AppDataLow\Software\PriceGong
          Key Found : HKCU\Software\AppDataLow\Software\SmartBar
          Key Found : HKCU\Software\Ask.com
          Key Found : HKCU\Software\BrowserMngr
          Key Found : HKCU\Software\Conduit
          Key Found : HKCU\Software\DataMngr
          Key Found : HKCU\Software\DataMngr_Toolbar
          Key Found : HKCU\Software\ilivid
          Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
          Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
          Key Found : HKLM\Software\Babylon
          Key Found : HKLM\Software\BrowserMngr
          Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
          Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
          Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
          Key Found : HKLM\SOFTWARE\Classes\dnUpdate
          Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
          Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
          Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
          Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
          Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
          Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
          Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
          Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
          Key Found : HKLM\Software\Conduit
          Key Found : HKLM\Software\DataMngr
          Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
          Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
          Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
          Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
          Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
          Key Found : HKU\S-1-5-21-3145774003-3066190270-2427905049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
          Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
          Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
          Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
          Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

          ***** [Internet Browsers] *****

          -\\ Internet Explorer v9.0.8112.16421

          [OK] Registry is clean.

          -\\ Mozilla Firefox v15.0.1 (en-US)

          Profile name : default
          File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js

          [OK] File is clean.

          -\\ Google Chrome v [Unable to get version]

          File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences

          [OK] File is clean.

          *************************

          AdwCleaner[R1].txt - [11075 octets] - [13/09/2012 21:23:19]
          AdwCleaner[S1].txt - [1753 octets] - [13/09/2012 22:11:56]
          AdwCleaner[R2].txt - [4788 octets] - [16/09/2012 10:53:34]

          ########## EOF - C:\AdwCleaner[R2].txt - [4848 octets] ##########



          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 09/16/2012 at 11:56 AM

          Application Version : 5.0.1146

          Core Rules Database Version : 9236
          Trace Rules Database Version: 7048

          Scan type       : Complete Scan
          Total Scan Time : 00:59:10

          Operating System Information
          Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
          UAC On - Limited User

          Memory items scanned      : 552
          Memory threats detected   : 0
          Registry items scanned    : 68872
          Registry threats detected : 0
          File items scanned        : 66199
          File threats detected     : 251

          Adware.Tracking Cookie
             C:\Users\MP\AppData\Roaming\Microsoft\Windows\Cookies\5XVA46NT.txt [ /avgtechnologies.112.2o7.net ]
             C:\USERS\MP\Cookies\5XVA46NT.txt [ Cookie:[email protected]/ ]
             adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
             art.aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
             track.in.omgpm.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.AUDXCH ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@247REALMEDIA[2].TXT [ /247REALMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /A1.INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /A1.INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /A1.INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][4].TXT [ /A1.INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.EPOCHTIMES ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /AD.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][4].TXT [ /AD.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][5].TXT [ /AD.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[2].TXT [ /ADBRITE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[3].TXT [ /ADBRITE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[4].TXT [ /ADBRITE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADCENTRICONLINE[1].TXT [ /ADCENTRICONLINE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADECN[2].TXT [ /ADECN ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADFARM1.ADITION ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADINTERAX[1].TXT [ /ADINTERAX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.POINTROLL ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.AS4X.TMCS.TICKETMASTER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.AS4X.TMCS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.NBA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.PGATOUR ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADTECH[1].TXT [ /ADTECH ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADVERTISING[1].TXT [ /ADVERTISING ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADVERTISING[3].TXT [ /ADVERTISING ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADXPOSE[1].TXT [ /ADXPOSE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@AMEX-INSIGHTS[1].TXT [ /AMEX-INSIGHTS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@APMEBF[2].TXT [ /APMEBF ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@APMEBF[3].TXT [ /APMEBF ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AT.ATWOLA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@AZJMP[2].TXT [ /AZJMP ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BEACON.DMSINSIGHTS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BS.SERVING-SYS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@BURSTNET[2].TXT [ /BURSTNET ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CB.ADBUREAU ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CHITIKA[1].TXT [ /CHITIKA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CITI.BRIDGETRACK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CONTENT.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CONTENT.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /CONTENT.YIELDMANAGER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@DISCOUNTACPARTS[1].TXT [ /DISCOUNTACPARTS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EAS.APM.EMEDIATE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-BORGATA.HITBOX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ECREATIVEWORKS.122.2O7 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EDGE.RU4 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-JAYGROUP.HITBOX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-ZOOMERANG.HITBOX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EVENT.TRVLCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INSIGHTEXPRESSAI[1].TXT [ /INSIGHTEXPRESSAI ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INTERCLICK[1].TXT [ /INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INTERCLICK[4].TXT [ /INTERCLICK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /INTHESWIM.122.2O7 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[3].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[4].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[6].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[7].TXT [ /INVITEMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LFSTMEDIA[2].TXT [ /LFSTMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LEGOLAS-MEDIA[1].TXT [ /LEGOLAS-MEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LFSTMEDIA[3].TXT [ /LFSTMEDIA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LIVEPERSON[3].TXT [ /LIVEPERSON ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LIVEPERSON[7].TXT [ /LIVEPERSON ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIABRANDSWW[1].TXT [ /MEDIABRANDSWW ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MOVIETICKETSCOM.122.2O7 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@NEXTAG[1].TXT [ /NEXTAG ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@PEOPLEFINDERS[1].TXT [ /PEOPLEFINDERS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[3].TXT [ /QUESTIONMARKET ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[2].TXT [ /REVSCI ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[1].TXT [ /REVSCI ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[3].TXT [ /REVSCI ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[4].TXT [ /REVSCI ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /RICHMEDIA.YAHOO ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ROTATOR.ADJUGGLER ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@SERVING-SYS[2].TXT [ /SERVING-SYS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /SOVEREIGNBANK.122.2O7 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATS.PAYPAL ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STATSE.WEBTRENDSLIVE ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@TACODA[1].TXT [ /TACODA ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@TRAFFICMP[3].TXT [ /TRAFFICMP ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /URLLEADBACK--ADVERTISING--COM.RTRK ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /VIDEOEGG.ADBUREAU ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WALMART.112.2O7 ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.BURSTNET ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.QSSTATS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW2.ADDFREESTATS ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[1].TXT [ /ZEDO ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[2].TXT [ /ZEDO ]
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[4].TXT [ /ZEDO ]
             .liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ad.mlnadvertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .specificclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .yieldmanager.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adtech.de [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .clickbooth.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .legolas-media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .legolas-media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             adserver.zenoviaexchange.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adxpose.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adinterax.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tacoda.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ar.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             matcher.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .amazon-adsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .amazon-adsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             tracking999.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adinterax.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             ad2.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .tribalfusion.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .televisionfanatic.dl.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             sales.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             .technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
             mediaservices-d.openxenterprise.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]

          Trojan.Agent/Gen-FraudScan[Prod]
             ZIP ARCHIVE( C:\USERS\MP\DOWNLOADS\USPS REPORT(1).ZIP )/USPS REPORT.EXE
             C:\USERS\MP\DOWNLOADS\USPS REPORT(1).ZIP
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\USPS REPORT(1).LNK
             ZIP ARCHIVE( C:\USERS\MP\DOWNLOADS\USPS REPORT.ZIP )/USPS REPORT.EXE
             C:\USERS\MP\DOWNLOADS\USPS REPORT.ZIP
             C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\USPS REPORT.LNK

          Heur.Agent/Gen-WhiteBox
             C:\USERS\MP\DOWNLOADS\INSTALL_FLASHPLAYER.EXE
             C:\PROGRAM FILES (X86)\INTELLIDOWNLOAD\TORRENTSEARCH.EXE
          Logged
          Dream untill your dreams come true.

          SuperDave

          • Malware Removal Specialist
          • Moderator


            • Genius
            • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Trojan.ransom
          « Reply #35 on: September 16, 2012, 01:07:41 PM »
          Remove the Adware:
          • Please close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Delete.
          • Confirm each time with OK
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
          Logged
          Windows 8 and Windows 10 dual boot with two SSD's

          MP1975

            Topic Starter


            Apprentice
            Re: Trojan.ransom
            « Reply #36 on: September 16, 2012, 02:31:22 PM »
            Dave ,

            The only txt file was the one from this morning ?

            # AdwCleaner v2.001 - Logfile created 09/16/2012 at 10:53:34
            # Updated 09/09/2012 by Xplode
            # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
            # User : MP - MP-PC
            # Boot Mode : Normal
            # Running from : C:\Users\MP\Downloads\adwcleaner.exe
            # Option [Search]


            ***** [Services] *****


            ***** [Files / Folders] *****


            ***** [Registry] *****

            Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
            Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
            Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
            Key Found : HKCU\Software\AppDataLow\Software\PriceGong
            Key Found : HKCU\Software\AppDataLow\Software\SmartBar
            Key Found : HKCU\Software\Ask.com
            Key Found : HKCU\Software\BrowserMngr
            Key Found : HKCU\Software\Conduit
            Key Found : HKCU\Software\DataMngr
            Key Found : HKCU\Software\DataMngr_Toolbar
            Key Found : HKCU\Software\ilivid
            Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
            Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
            Key Found : HKLM\Software\Babylon
            Key Found : HKLM\Software\BrowserMngr
            Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
            Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
            Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
            Key Found : HKLM\SOFTWARE\Classes\dnUpdate
            Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
            Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
            Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
            Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
            Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
            Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
            Key Found : HKLM\Software\Conduit
            Key Found : HKLM\Software\DataMngr
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
            Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
            Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
            Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
            Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
            Key Found : HKU\S-1-5-21-3145774003-3066190270-2427905049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
            Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
            Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
            Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
            Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v9.0.8112.16421

            [OK] Registry is clean.

            -\\ Mozilla Firefox v15.0.1 (en-US)

            Profile name : default
            File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js

            [OK] File is clean.

            -\\ Google Chrome v [Unable to get version]

            File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences

            [OK] File is clean.

            *************************

            AdwCleaner[R1].txt - [11075 octets] - [13/09/2012 21:23:19]
            AdwCleaner[S1].txt - [1753 octets] - [13/09/2012 22:11:56]
            AdwCleaner[R2].txt - [4788 octets] - [16/09/2012 10:53:34]

            ########## EOF - C:\AdwCleaner[R2].txt - [4848 octets] ##########
            Logged
            Dream untill your dreams come true.

            SuperDave

            • Malware Removal Specialist
            • Moderator


              • Genius
              • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Trojan.ransom
            « Reply #37 on: September 16, 2012, 04:06:26 PM »
            Remove the Adware:
            • Please close all open programs and internet browsers.
            • Double click on adwcleaner.exe to run the tool.
            • Click on Delete.
            • Confirm each time with OK
            • Your computer will be rebooted automatically. A text file will open after the restart.
            • Please post the content of that logfile in your reply.
            • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
            Logged
            Windows 8 and Windows 10 dual boot with two SSD's

            MP1975

              Topic Starter


              Apprentice
              Re: Trojan.ransom
              « Reply #38 on: September 16, 2012, 04:27:51 PM »
              # AdwCleaner v2.001 - Logfile created 09/16/2012 at 18:26:16
              # Updated 09/09/2012 by Xplode
              # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
              # User : MP - MP-PC
              # Boot Mode : Normal
              # Running from : C:\Users\MP\Downloads\adwcleaner.exe
              # Option [Delete]


              ***** [Services] *****


              ***** [Files / Folders] *****


              ***** [Registry] *****


              ***** [Internet Browsers] *****

              -\\ Internet Explorer v9.0.8112.16421

              [OK] Registry is clean.

              -\\ Mozilla Firefox v15.0.1 (en-US)

              Profile name : default
              File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js

              [OK] File is clean.

              -\\ Google Chrome v [Unable to get version]

              File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences

              [OK] File is clean.

              *************************

              AdwCleaner[R2].txt - [4909 octets] - [16/09/2012 10:53:34]
              AdwCleaner[S2].txt - [894 octets] - [16/09/2012 18:26:16]

              ########## EOF - C:\AdwCleaner[S2].txt - [953 octets] ##########
              Logged
              Dream untill your dreams come true.

              SuperDave

              • Malware Removal Specialist
              • Moderator


                • Genius
                • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Trojan.ransom
              « Reply #39 on: September 16, 2012, 04:39:01 PM »
              Ok. We should be done here unless you are still having problems.
              Logged
              Windows 8 and Windows 10 dual boot with two SSD's

              MP1975

                Topic Starter


                Apprentice
                Re: Trojan.ransom
                « Reply #40 on: September 16, 2012, 04:48:48 PM »
                Dave ,

                Thats the odd thing... except for the pop up when I wen to log in to fb or yahoo I never " thank God" had a problem.

                Again..... TYVVM,

                mp.
                Logged
                Dream untill your dreams come true.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                  • Genius
                  • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Trojan.ransom
                « Reply #41 on: September 16, 2012, 04:57:01 PM »
                You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                Logged
                Windows 8 and Windows 10 dual boot with two SSD's
                Pages: 1 2 [3]  All   Go Up
                « previous next »