The How-To Geek Forums Have Migrated to Discourse


How-To Geek Forums / Windows 7

Successfully blocked access to a potentially malicious website.

(28 posts)
  • Started 4 years ago by DJDraven
  • Latest reply from mfletch
  • Topic Viewed 4106 times

DJDraven
Posts: 10

I have a custom made desktop that I got about 5 years or so ago. I have been getting this message in the lower right of the screen that says successfully blocked access to a potentially malicious website. Each time it does it it has a different address to a different website. Ever since this has happened my computer has gotten slower. I have tried Malwarebytes full scan on every drive. I have tried TDSSKiller, ESET online scanner, CCleaner, nCleaner, Spybot-S&D, SpywareBlaster, SpeedUpMyPC and ComboFix. It still has not fixed it. I have noticed it mainly does it when I open vuze. Any help would be greatly appreciated.

Posted 4 years ago
Top
 
gedstar
Posts: 521

Have you tried this http://www.superantispyware.com/
You could try un-installing Vuze, Bittorrent software is not the safest of apps to use.

Posted 4 years ago
Top
 
DJDraven
Posts: 10

Here is my Malwarebytes Log.

11/23/2012 11:18:10 PM
mbam-log-2012-11-23 (23-18-10).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334811
Time elapsed: 1 hour(s), 45 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 31
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0C0AtB0A0A0ByEtDzz0EtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1828208232) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0C0AtB0A0A0ByEtDzz0EtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1828208232) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 16
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
C:\Users\NikonDJ84\Desktop\Core Temp\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\NikonDJ84\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\NikonDJ84\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\NikonDJ84\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\NikonDJ84\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)

Posted 4 years ago
Top
 
GuiltySpark
Posts: 4024

Get rid of nCleaner and SpeedUpMyPC as these will not help things.

The toolbars you had 'FunMoods', would have come from sites like Uniblue which is a big Don't Go Area!!!

What program is telling you that a site is malicious ?

Posted 4 years ago
Top
 
vistamike
Posts: 10945

DJDraven, Hi.

Funmoods, and PUP (potentially unwanted software) is showing. I would reboot your machine and rerun Mbam. This sort of stuff need to be cleaned from your machine.

Please also run gedstar's suggestion http://www.superantispyware.com/

Also, think about untrusted sharing sites, Vuze, and rubbish like nCleaner and SpeedUpMyPC (uninstall them)

Could you post a screenshot of your installed programs? We can then tell you how to get rid of the wonky ones.

Mike

Posted 4 years ago
Top
 
Xhi
Posts: 6298

If you have CCleaner. Tools -> Uninstall at the bottom right make a text file list and post it. Possibly easier than posting a picture.

Posted 4 years ago
Top
 
StringJunky
Posts: 2454

As an exercise, I deliberately installed Funmoods and proceeded to to try to get rid of it but couldn't...it kept popping back in the registry after rebooting. There is a file somewhere that keeps it alive. I re-imaged.

Posted 4 years ago
Top
 
Straspey
Posts: 556

@ DJDraven

That message you are receiving is a result of the "Malicious Website Blocking" feature of Malwerebytes Anti-Malware.

It's designed to protect you from connecting with websites which might be (or are known to be) malicious - in that you could be in danger of being infected with a virus, malware, etc.

I occasionally receive the exact same message - and unless I'm absolutely 110% positively sure that the site I'm trying to access is safe, I will allow MBAM to block the connection.

Open the main window MBAM and click on the PROTECTION tab.

You will see an option to "Enable Malicious Website Blocking"

Having that option checked will turn on this feature, which results in those messages you receive.
You can choose to un-check that option - however you do so at your own risk, and personally, I strongly
urge against turning it off.

Hopefully though this will help with your issue.

Posted 4 years ago
Top
 
vistamike
Posts: 10945

Tony, the Funmoods toolbar is really intrusive, did you find it revo, as a toolbar with the rest of the invasive stuff, toolbar addon crap

Posted 4 years ago
Top
 
vistamike
Posts: 10945

as an install

Posted 4 years ago
Top
 
StringJunky
Posts: 2454

Yeah I installed it. I tried everything Mike I could think of...even looking for all the reg entries using search function. I even used a toolbar remover which cleared it's registry entries but on reboot those entries came back...can't find the tool now. It's harder than Babylon. Might have another go with Funmoods soon.

Posted 4 years ago
Top
 
GuiltySpark
Posts: 4024

Tony,

Next time you give it a try, turn off System Restore (obviously make an image first) and see if it comes back after that.

Posted 4 years ago
Top
 
StringJunky
Posts: 2454

GS

OK.

Posted 4 years ago
Top
 
DJDraven
Posts: 10

So here is my SuperAntiSpyware completed scan log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2012 at 03:03 AM

Application Version : 5.6.1014

Core Rules Database Version : 9635
Trace Rules Database Version: 7447

Scan type : Complete Scan
Total Scan Time : 05:40:43

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 584
Memory threats detected : 0
Registry items scanned : 38876
Registry threats detected : 0
File items scanned : 40626
File threats detected : 172

Adware.Tracking Cookie
core.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GRSCSZWA ]
core.saymedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GRSCSZWA ]
www.googleadservices.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.otclick-adv.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
count.rbc.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.engine.rbc.medialand.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.medialand.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.medialand.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ad.mlnadvertising.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.mtvn.112.2o7.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.hdtracks.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.hdtracks.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.hdtracks.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
www.hdtracks.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.stat.adlabs.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.go.underclick.ru [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.martiniadnetwork.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
a.intentmedia.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NIKONDJ84\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2APRDO0S.DEFAULT\COOKIES.SQLITE ]

Posted 4 years ago
Top
 
DJDraven
Posts: 10

Here are my installed Programs. You will notice I removed Vuze, SpeedupmyPC, and nCleaner.

Posted 4 years ago
Top
 
DJDraven
Posts: 10

Posted 4 years ago
Top
 
Hermitt
Posts: 1310

It would be wise to uninstall one of your anti-virus programs because one will conflict with the other.
I would uninstall Ad-Aware antivirus and keep Avast!

Jim

Posted 4 years ago
Top
 
DJDraven
Posts: 10

As you can see the full scan I did turned up nothing and this was after I restarted the computer. But the computer continues to run slow. Also the successfully blocked message appears now when I attempt to use the website MRTZCMP3. Which is a site I pay for.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
NikonDJ84 :: NIKONDJ84-PC [administrator]

Protection: Enabled

11/26/2012 4:58:40 AM
mbam-log-2012-11-26 (04-58-40).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329516
Time elapsed: 2 hour(s), 55 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Posted 4 years ago
Top
 
StringJunky
Posts: 2454

If you've had that OS running since you got it it's probably a good idea to reinstall it.

Posted 4 years ago
Top
 
mfletch
Posts: 1434

Hi can you please give us a list of all the programs that start at start-up

Use Ccleaner/ Tools/Start-up

Take a snap shot of the programs and post it back on here.

StringJunky

Try running this AdwCleaner http://www.bleepingcomputer.co.....dwcleaner/

Posted 4 years ago
Top
 
Straspey
Posts: 556

And I reiterate -

The message is coming directly from the Malicious Website Blocking feature of Malwarebytes Anti-Malware.

I guarantee that if you disable this feature, those messages will stop popping up.

Posted 4 years ago
Top
 
Straspey
Posts: 556

Have a look at the following link to a FAQ on the MBAM Forums Website - It may help to shed some light on the issue:

IP Protection Module

In v1.40, Malwarebytes introduced IP Protection into Malwarebytes' Anti-Malware, to prevent the user being infected in the first place. The following is information on what this does, and how it works.

What does IP Protection do?

IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges, for example, NetDirekt, which is host to the Internet Service Team.

How does it do this?

When you ask your browser to connect to a website, Windows uses DNS or the HOSTS file (depending on configuration), to convert that domain name into it's corresponding IP address (e.g. example.com <> 1.2.3.4). MBAM intercepts the packet communications, to determine whether or not the IP address is known for malicious activity, and if so, blocks the communication.

How does it inform you?

MBAM informs you a malicious IP has been blocked by presenting a bubble notification at the bottom of the screen (next to the system tray), and it also writes a log file.

Read More:

http://forums.malwarebytes.org.....ntry162100

Posted 4 years ago
Top
 
DJDraven
Posts: 10

Posted 4 years ago
Top
 
DJDraven
Posts: 10

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 23:39:30
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : NikonDJ84 - NIKONDJ84-PC
# Boot Mode : Normal
# Running from : C:\Users\NikonDJ84\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\NikonDJ84\AppData\Local\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\NikonDJ84\AppData\Roaming\Mozilla\Firefox\Profiles\2aprdo0s.default\prefs.js

C:\Users\NikonDJ84\AppData\Roaming\Mozilla\Firefox\Profiles\2aprdo0s.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "13BE6498C36075BE2A0056C08E8336C2");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "001FC6CA2AAB408E");
Deleted : user_pref("extensions.funmoods.instlDay", "15667");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2222:47:13");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2222:47:13");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:47:13");

*************************

AdwCleaner[S1].txt - [4107 octets] - [27/11/2012 23:39:30]

########## EOF - C:\AdwCleaner[S1].txt - [4167 octets] ##########

Posted 4 years ago
Top
 
DJDraven
Posts: 10

So good news I guess. I remembered that for some reason when I have Malwarebytes installed it keeps me from using the website MRTZCMP3. So I Uninstalled it and the website works and the message is gone. Does this mean I can't use Malwarebytes if I still want access to MRTZCMP3? Or is there some kind of trusted sites list. In addition to that it looks like the funmoods are still there so I guess if anyone could help with that and let me know a way to fix it I would be good. Thanks.

Posted 4 years ago
Top
 
DJDraven
Posts: 10

Just noticed that it appears the funmoods are gone. I have restarted my computer and the funmoods have not popped back up. If I click the downward arrow to the right of the google logo on the google search bar at the top and go to mange search engines and it does not appear to be there. I was wondering does it just randomly come back or should it come back every time you restart the computer?

Posted 4 years ago
Top
 
Straspey
Posts: 556

How To Remove The “Fun Moods” Browser Hijacker Virus

What Is The Fun Moods Virus (Start.Funmoods.com)?

The Fun Moods virus (also known as Face Moods, funmoods) is adware and spyware published by Volonet LTD, categorized as a complete browser hijacker that is capable of changing internet browser settings and browser helped objects, such as the homepage (startup page), browser add-ons and extensions, and managed search engines (default search: start.funmoods.com) which cause internet searches and inputted URLs to redirect to Fun Mood’s search engine Start.Funmoods.com or other third party drive-by websites. Fun Moods is often referred to as a “redirection” virus because of this.

Read all the step-by-step details at he link below:

http://botcrawl.com/how-to-rem.....ker-virus/

Posted 4 years ago
Top
 
mfletch
Posts: 1434

Funmoods should be gone now from your computer after running the AdwCleaner

Posted 4 years ago
Top
 



Topic Closed

This topic has been closed to new replies.