Inactive Boot sector virus : mbr:// physicaldrive0

Status
Not open for further replies.
it must be my mom or my son going there because i dont use any of those sites. i removed the toolbars, removed programs, set the computer back to no remote access and ran all the programs you told me to run. i will ask my mom and son about sushi or whatever it is. anything else i need to do? my avast anti virus scans are only picking up files in a folder called Qoobox. dont know what that is. also, i didnt unselect anything from removal from malware bytes.
 
i ran malwarebytes again to see what was up and it found the playsushi thing again and it was unchecked without anyone unchecking it. so it wasnt me or anyone here. lol. i have informed my mom and my son not to download anything, and if they do to make sure to uncheck any extra programs or toolbars that might be included with the download. no one is downloading anything anytime soon though. my computer is running alot better, not freezing up at all. i dont know if im done with the cleaning process though ( i doubt it ), until i hear from you. thank you sooo much for taking the time to help me! ill be waiting to hear from you.
 
i keep forgetting to ask, is it okay to delete the 2 files :
c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon B
c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon G

they show up as the only 2 threats when i scan with avast.
 
When you uninstall Combofix below, it will remove the program and the Qoobox files. Until then, the AV programs usually continue to show the malware entries no matter what the location! It causes a lot of confusion to the users.
====================================
Let's run Superantispyware and see who is using this process. Note: Important that you follow the 'check everything' line:
SASLogo48x48.gif

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
  • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
===================================
Leave the log for me in your next reply.
gamevance.com is the domain of the site where they play sushi. Once we find who is going there, the domain can be blocked in their browser.
 
sas log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2011 at 10:18 PM

Application Version : 4.54.1000

Core Rules Database Version : 7340
Trace Rules Database Version: 5152

Scan type : Complete Scan
Total Scan Time : 02:06:31

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 8426
Registry threats detected : 7
File items scanned : 31733
File threats detected : 577

Adware.Gamevance
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370F91F-6994-4595-9949-601FA2261C8D}
HKCR\CLSID\{7370F91F-6994-4595-9949-601FA2261C8D}
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\gvtl

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@pro-market[1].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[3].txt
C:\Documents and Settings\Ann\Cookies\ann@indieclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tacoda.at.atwola[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Ann\Cookies\ann@pointroll[3].txt
C:\Documents and Settings\Ann\Cookies\ann@velmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pubmatic[1].txt
C:\Documents and Settings\Ann\Cookies\ann@optimize.indieclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@segment-pixel.invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@serving-sys[1].txt
C:\Documents and Settings\Ann\Cookies\ann@2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[1].txt
C:\Documents and Settings\Ann\Cookies\ann@apmebf[1].txt
C:\Documents and Settings\Ann\Cookies\ann@friendquestions[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adtechus[2].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.foodbuzz[1].txt
C:\Documents and Settings\Ann\Cookies\ann@technoratimedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@insightexpressai[2].txt
C:\Documents and Settings\Ann\Cookies\ann@legolas-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@lucidmedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@fastclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@myfloridacounty[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.bridgetrack[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[4].txt
C:\Documents and Settings\Ann\Cookies\ann@yadro[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adinterax[1].txt
C:\Documents and Settings\Ann\Cookies\ann@eset.122.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media.adfrontiers[1].txt
C:\Documents and Settings\Ann\Cookies\ann@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad1.adtitan[2].txt
C:\Documents and Settings\Ann\Cookies\ann@statcounter[2].txt
C:\Documents and Settings\Ann\Cookies\ann@www.trackimizer[1].txt
C:\Documents and Settings\Ann\Cookies\ann@questionmarket[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserv.mywebtimes[1].txt
C:\Documents and Settings\Ann\Cookies\ann@yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.googleadservices[2].txt
C:\Documents and Settings\Ann\Cookies\ann@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Ann\Cookies\ann@a1.interclick[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[5].txt
C:\Documents and Settings\Ann\Cookies\ann@adbrite[1].txt
C:\Documents and Settings\Ann\Cookies\ann@s.clickability[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertising[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adreactor[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.ad4game[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adxpose[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.belointeractive[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.velmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@specificclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserving.versaneeds[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediabrandsww[2].txt
C:\Documents and Settings\Ann\Cookies\ann@hpi.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[2].txt
C:\Documents and Settings\Ann\Cookies\ann@zedo[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[3].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[2].txt
C:\Documents and Settings\Ann\Cookies\ann@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ar.atwola[2].txt
C:\Documents and Settings\Ann\Cookies\ann@surveyfindweb[2].txt
C:\Documents and Settings\Ann\Cookies\ann@in.getclicky[1].txt
C:\Documents and Settings\Ann\Cookies\ann@at.atwola[3].txt
C:\Documents and Settings\Ann\Cookies\ann@rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@redorbit[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.zanox[1].txt
C:\Documents and Settings\Ann\Cookies\ann@kontera[1].txt
C:\Documents and Settings\Ann\Cookies\ann@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ru4[2].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[4].txt
C:\Documents and Settings\Ann\Cookies\ann@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[7].txt
C:\Documents and Settings\Ann\Cookies\ann@adultfriendfinder[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mm.chitika[1].txt
C:\Documents and Settings\Ann\Cookies\ann@bs.serving-sys[2].txt
C:\Documents and Settings\Ann\Cookies\ann@supremeadserver[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.cinejam[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.adperium[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@steelhousemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
a.ads2.msads.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
adbureau.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
ads2.msads.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
cdn4.specificclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
convoad.technoratimedia.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
core.insightexpressai.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
crackle.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
ia.media-imdb.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
interclick.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
m1.2mdn.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media-0.phonezoo.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media-macys.pictela.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.ebaumsworld.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.jambocast.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.mtvnservices.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.resulthost.org [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.scanscout.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.tattomedia.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.theonion.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media01.kyte.tv [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media1.break.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media1.clubpenguin.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
mediaplex.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
objects.tremormedia.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
s0.2mdn.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
udn.specificclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
www.ttylmedia.info [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
C:\Documents and Settings\Ann\Cookies\ann@web4.realtracker[1].txt
C:\Documents and Settings\Ann\Cookies\ann@specificmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertise[2].txt
C:\Documents and Settings\Ann\Cookies\ann@at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.burstbeacon[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[2].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@cdn4.specificclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[3].txt
C:\Documents and Settings\Ann\Cookies\ann@www.googleadservices[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.tracklead[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tacoda.at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@a1.interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[1].txt
C:\Documents and Settings\Ann\Cookies\ann@atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[4].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[5].txt
C:\Documents and Settings\Ann\Cookies\ann@counter.surfcounters[1].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@emediatrack[2].txt
C:\Documents and Settings\Ann\Cookies\ann@eyewonder[2].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\ann@insightexpressai[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediaplex[1].txt
C:\Documents and Settings\Ann\Cookies\ann@pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ru4[1].txt
C:\Documents and Settings\Ann\Cookies\ann@segment-pixel.invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@serving-sys[2].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[3].txt
C:\Documents and Settings\Ann\Cookies\ann@www.find-quick-results[1].txt
C:\Documents and Settings\Ann\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\Ann\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@advertise[2].txt
C:\Documents and Settings\Ann\Cookies\system@ads.bighealthtree[1].txt
C:\Documents and Settings\Ann\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\system@2o7[1].txt
C:\Documents and Settings\Ann\Cookies\system@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\system@advertise[1].txt
C:\Documents and Settings\Ann\Cookies\system@ru4[2].txt
C:\Documents and Settings\Ann\Cookies\system@ru4[1].txt
C:\Documents and Settings\Ann\Cookies\system@adbrite[2].txt
C:\Documents and Settings\Ann\Cookies\system@adbrite[1].txt
C:\Documents and Settings\Ann\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.financialcontent[1].txt
C:\Documents and Settings\Ann\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pubmatic[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\Ann\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\system@realmedia[3].txt
C:\Documents and Settings\Ann\Cookies\system@realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\Ann\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\system@search.321findit[1].txt
C:\Documents and Settings\Ann\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\Ann\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\Ann\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\Ann\Cookies\system@revsci[2].txt
C:\Documents and Settings\Ann\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@search.amazeclick[1].txt
C:\Documents and Settings\Ann\Cookies\system@pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\Ann\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\Ann\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\system@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\system@serving-sys[2].txt
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.find-quick-results.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
click.scour.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
C:\Documents and Settings\Guest\Cookies\guest@avgtechnologies.112.2o7[1].txt
bannerfarm.ace.advertising.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
interclick.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
media.tattomedia.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
udn.specificclick.net [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
C:\Documents and Settings\jackie\Cookies\jackie@interclick[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.bridgetrack[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@tdstats[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ad.yieldmanager[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ehg-starbucks.hitbox[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@www.burstbeacon[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@stats.gamestop[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@adopt.specificclick[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@specificmedia[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@adserv.mywebtimes[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@adserver.adtechus[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@eb.adbureau[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@cb.adbureau[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@viacom.adbureau[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@media6degrees[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@media.photobucket[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@collective-media[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@apmebf[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@samsclub.112.2o7[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@www.burstnet[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@specificclick[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.monster[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.pointroll[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@imrworldwide[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@insightexpressai[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@revsci[2].txt
cdn.eyewonder.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
convoad.technoratimedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
convoad.technoratimedia.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
ds.serving-sys.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.heavy.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.kyte.tv [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
msnbcmedia.msn.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
sftrack.searchforce.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
cdn.eyewonder.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
demo.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ds.serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ec.atdmt.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ictv-dread-ec.indieclicktv.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ictv-ic-ec.indieclicktv.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.bimvid.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.kyte.tv [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.oprah.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
origin-media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
sftrack.searchforce.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
spe.atdmt.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
a.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ads1.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
b.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
cdn.insights.gravity.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
cdn4.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
convoad.technoratimedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
core.insightexpressai.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ec.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
fastclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
googleads.g.doubleclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
interclick.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
m1.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media-0.phonezoo.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.ebaumsworld.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.mtvnservices.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.resulthost.org [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.scanscout.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.socialvi.be [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.tattomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media1.break.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media1.clubpenguin.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
mediastore.verizonwireless.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
memecounter.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
msnbcmedia.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
s0.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
secure-us.imrworldwide.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
spe.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
speed.pointroll.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
static.sexsearch.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
udn.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.crackle.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.naiadsystems.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.porn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.pornhub.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
yo.static.presidiomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
C:\Documents and Settings\new\Cookies\new@e-2dj6wjkywjcziep.stats.esomniture[2].txt
C:\Documents and Settings\new\Cookies\new@e-2dj6aekisid5elo.stats.esomniture[1].txt
C:\Documents and Settings\new\Cookies\new@apmebf[1].txt
C:\Documents and Settings\new\Cookies\new@cdn1.trafficmp[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[4].txt
C:\Documents and Settings\new\Cookies\new@ads.cpxadroit[2].txt
C:\Documents and Settings\new\Cookies\new@collective-media[2].txt
C:\Documents and Settings\new\Cookies\new@ads.whaleads[2].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[1].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[2].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[4].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[1].txt
C:\Documents and Settings\new\Cookies\new@www.burstnet[1].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[3].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[2].txt
C:\Documents and Settings\new\Cookies\new@specificclick[1].txt
C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[3].txt
C:\Documents and Settings\new\Cookies\new@pornhub[2].txt
C:\Documents and Settings\new\Cookies\new@interclick[2].txt
C:\Documents and Settings\new\Cookies\new@adecn[1].txt
C:\Documents and Settings\new\Cookies\new@statcounter[1].txt
C:\Documents and Settings\new\Cookies\new@network.realmedia[1].txt
C:\Documents and Settings\new\Cookies\new@www.googleadservices[6].txt
C:\Documents and Settings\new\Cookies\new@media6degrees[1].txt
C:\Documents and Settings\new\Cookies\new@ads.intergi[1].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[3].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[1].txt
C:\Documents and Settings\new\Cookies\new@e-2dj6wnkysjczkco.stats.esomniture[2].txt
C:\Documents and Settings\new\Cookies\new@a1.interclick[2].txt
C:\Documents and Settings\new\Cookies\new@a1.interclick[3].txt
C:\Documents and Settings\new\Cookies\new@abovetracking[2].txt
C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[1].txt
C:\Documents and Settings\new\Cookies\new@advertising[2].txt
C:\Documents and Settings\new\Cookies\new@affiliate.revenueads[2].txt
C:\Documents and Settings\new\Cookies\new@apmebf[3].txt
C:\Documents and Settings\new\Cookies\new@azjmp[1].txt
C:\Documents and Settings\new\Cookies\new@cdn4.specificclick[2].txt
C:\Documents and Settings\new\Cookies\new@cc.gameadserve[2].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[4].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[5].txt
C:\Documents and Settings\new\Cookies\new@diablomedia[1].txt
C:\Documents and Settings\new\Cookies\new@doubleclick[1].txt
C:\Documents and Settings\new\Cookies\new@gr.burstnet[1].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[1].txt
C:\Documents and Settings\new\Cookies\new@kontera[2].txt
C:\Documents and Settings\new\Cookies\new@lgelectronics.122.2o7[1].txt
C:\Documents and Settings\new\Cookies\new@lynxtrack[1].txt
C:\Documents and Settings\new\Cookies\new@mediastore.verizonwireless[1].txt
C:\Documents and Settings\new\Cookies\new@oasn04.247realmedia[2].txt
C:\Documents and Settings\new\Cookies\new@server.cpmstar[2].txt
C:\Documents and Settings\new\Cookies\new@serving-sys[2].txt
8tracks.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
adserv.mywebtimes.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
b.ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
msnbcmedia.msn.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
spe.atdmt.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
C:\Documents and Settings\Sally\Cookies\sally@www.icityfind[1].txt
C:\Documents and Settings\Sally\Cookies\sally@invitemedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adtechus[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.bridgetrack[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.pubmatic[2].txt
C:\Documents and Settings\Sally\Cookies\sally@advertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
C:\Documents and Settings\Sally\Cookies\sally@questionmarket[2].txt
C:\Documents and Settings\Sally\Cookies\sally@adserving.versaneeds[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.clickmanage[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[3].txt
C:\Documents and Settings\Sally\Cookies\sally@homestore.122.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@pro-market[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adserver.adtechus[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[3].txt
C:\Documents and Settings\Sally\Cookies\sally@at.atwola[2].txt
C:\Documents and Settings\Sally\Cookies\sally@track.supercoolprizes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@tribalfusion[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media.icims[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adecn[1].txt
C:\Documents and Settings\Sally\Cookies\sally@yieldmanager[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ar.atwola[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media6degrees[1].txt
C:\Documents and Settings\Sally\Cookies\sally@atdmt[1].txt
C:\Documents and Settings\Sally\Cookies\sally@casalemedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@yadro[1].txt
C:\Documents and Settings\Sally\Cookies\sally@advertise[2].txt
C:\Documents and Settings\Sally\Cookies\sally@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@advertise[3].txt
C:\Documents and Settings\Sally\Cookies\sally@msnportal.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@serving-sys[1].txt
C:\Documents and Settings\Sally\Cookies\sally@lfstmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@insightexpressai[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.appprizes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@trafficmp[2].txt
C:\Documents and Settings\Sally\Cookies\sally@mediabrandsww[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.addynamix[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.burstbeacon[1].txt
C:\Documents and Settings\Sally\Cookies\sally@a1.interclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[3].txt
C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www3.webscanoverav.findhere[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.lycos[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media.adfrontiers[2].txt
C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@yahoogroups.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@zedo[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.pointroll[2].txt
C:\Documents and Settings\Sally\Cookies\sally@legolas-media[1].txt
C:\Documents and Settings\Sally\Cookies\sally@overture[2].txt
C:\Documents and Settings\Sally\Cookies\sally@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@collective-media[1].txt
C:\Documents and Settings\Sally\Cookies\sally@mm.chitika[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.adperium[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adxpose[1].txt
C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@clicksor[1].txt
C:\Documents and Settings\Sally\Cookies\sally@fastclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@yellowpages.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@doubleclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@statse.webtrendslive[2].txt
C:\Documents and Settings\Sally\Cookies\sally@lucidmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.wsod[1].txt
C:\Documents and Settings\Sally\Cookies\sally@interclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adbrite[1].txt
C:\Documents and Settings\Sally\Cookies\sally@counter.hitslink[1].txt
C:\Documents and Settings\Sally\Cookies\sally@imrworldwide[2].txt
C:\Documents and Settings\Sally\Cookies\sally@revsci[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ru4[2].txt
C:\Documents and Settings\Sally\Cookies\sally@2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@revsci[3].txt
C:\Documents and Settings\Sally\Cookies\sally@homefinder[1].txt
C:\Documents and Settings\Sally\Cookies\sally@myroitracking[2].txt
C:\Documents and Settings\Sally\Cookies\sally@stats.manticoretechnology[2].txt
C:\Documents and Settings\Sally\Cookies\sally@countryliving[1].txt
C:\Documents and Settings\Sally\Cookies\sally@myfloridacounty[1].txt
C:\Documents and Settings\Sally\Cookies\sally@mediaplex[1].txt
C:\Documents and Settings\Sally\Cookies\sally@allegis.122.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[1].txt
C:\Documents and Settings\Sally\Cookies\sally@statcounter[2].txt
C:\Documents and Settings\Sally\Cookies\sally@specificclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@msnbc.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.find-quick-results[1].txt
C:\Documents and Settings\Sally\Cookies\sally@apmebf[2].txt
C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@bs.serving-sys[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.burstnet[2].txt
C:\Documents and Settings\Sally\Cookies\sally@bizzclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@pointroll[2].txt
C:\Documents and Settings\Sally\Cookies\sally@bizzclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@traveladvertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@tacoda.at.atwola[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.ad4game[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adinterax[1].txt
C:\Documents and Settings\Sally\Cookies\sally@cdn1.trafficmp[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.undertone[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[2].txt
C:\Documents and Settings\Sally\Cookies\sally@eyewonder[2].txt
C:\Documents and Settings\Sally\Cookies\sally@rotator.adjuggler[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt
C:\Documents and Settings\Sally\Cookies\sally@perf.overture[1].txt
.fastclick.net [ C:\Documents and Settings\Sally\Local
 
sas log continued...

Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.r1-ads.ace.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bizzclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.find-quick-results.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
server.iad.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

PUP.Whitesmoke
HKLM\SOFTWARE\whitesmoketoolbar
HKLM\SOFTWARE\whitesmoketoolbar#ieInstallPath

Trojan.Agent/Gen-Kazy[Ico]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP778\A0289080.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP788\A0290607.DLL
 
Okay- I hope you remembered to put in the check to remove found items!

The 2 entries showing in System Volume are restore points. They are not active in the system. I will have you drop all of the old restore point and set a new clean on when the system is clean.
=====================================
Each of the following user accounts need to have the Cookies reset:
Sally
jackie
Ann


Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
Someone came along and used the system and set their account up with name new c:\documents and settings\new\application data\Mozilla\extensions\ They put an extension on Firefox for gamevance. and most likely will be the user who is responsible for not removing it in Mbam. It appears that an extension to play sushi has been added to Firefox.

I am a bit confused by your comment:
so it wasnt me or anyone here. lol. i have informed my mom and my son not to download anything,
Someone with access to the computer set up this account- how good a detective are you?

Each user has their own SID This is the Security Identifier. The SID for the "new user" is:
S-1-5-21-1390067357-602609370-682003330-1005 All the malware found in Mbam that is identified by name is the 'new user': c:\documents and settings\new\application data\.

The format of an SID can be illustrated as follows:
S-1-5-21-1390067357-602609370-682003330-1005 .
S = The string is a SID
1 = The revision level (the version of the SID specification)
5 = The identifier authority value
21-1390067357-602609370-682003330 = domain or local computer identifier
1005 = a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.

All of the trash that was found was on the account named new and it is that user who must have unchecked the removal of Play Sushi in Mbam.

So if you're up to it, you or the Administrator need to find out who user new is and and delete the account. Possibly after that has been done we can finish removing the malware. There is also the possibility that the system has been hacked.
 
when i go into user accounts, there is no "new" or jackie. jackie was a roomate a long time ago, and her account was deleted a year ago i think. the only users that show up are ann, sally and nick (my son). i dont see how jackie could still be showing up, or where the "new" user account came from but i cant access either one of them, because they arent visible in user accounts.
 
If account Jackie was deleted a year ago and Cookies for that account are still on the system, then it appears that the system hasn't been maintained for deleting temporary internet files, Cookie, Disc cleanup, Error Check and Defrag. If it had the entries for the old accounts wouldn't be showing.

I'm going to tell you what I see and you can decide what-if anything-to do about them. I do recommend though the each account resets the Cookies.

Tracking Cookies and other Cookies: There are accounts for the following:
Ann
Administrator
jackie
Guest
LocalService
NetworkService
Sally
new

The account for new shows visits to sites such as:
static.sexsearch.com
.porn.com
.pornhub.com
cc.gameadserve.com

I don't see any entries for an account named Nick. That could mean one of 2 things: 1. He is maintaining his account well and not accumulating temporary internet files and Cookies. 2. Nick is working under an account isn't named Nick I do not have any further information on that.
===========================================
Since you had SuperantiSpyware remove all the entries it found and hopefully you reset the Cookies on the accounts, it might be informative to run SAS again and see if anything is found.
 
here is what i think happened. my son may have created the NEW user account and then deleted it without also deleting the files and folders for that user. same thing with jackies account. the account was deleted, but whoever deleted it opted to keep the files and folders. does that make sense? also, what i meant when i said " it wasnt anyone here..." was that when i ran malware bytes again, and looked at the files it found, playsushi was in there but it was automatically unchecked as to not delete those files, without me unchecking it. i am in the process of resetting cookies for each user account, and am going to run sas again. i ran a search of my c drive for docs & settings/jackie and for new and found a bunch of stuff for both. should i delete the files for those users since they are no longer active?
 
one thing i just noticed while signing onto nicks user acct. all the files on his user acct ( pics, txt files, etc) are the same as the NEW user files i found in the search of my c drive... im so confused! apparently nick and new are the same user? ugh i dont know. im running the sas scan now and it is still finding files for gamevance in the regristry.
 
I gave you the information I saw from the log:
I don't see any entries for an account named Nick. That could mean one of 2 things: 1. He is maintaining his account well and not accumulating temporary internet files and Cookies. 2. Nick is working under an account isn't named Nick I do not have any further information on that.

It would seem that #2 would be the most logical. Everything in SAS should be checked for removal- no matter whose account it's on. After doing that, I suggest you reboot first, then run the following:

Please download ATF Cleaner by Atribune

  • [1] Double-click ATF-Cleaner.exe to run the program.
    [2] Under Main choose: Select All
    [3] Click the Empty Selected button.

    If you use Firefox browser
    [1] Click Firefox at the top and choose:Select All
    [2] Click the Empty Selected button.
    [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    [1] Click Opera at the top and choose: Select All
    [2]Click the Empty Selected button.
    [3]NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

==========================================
Reboot the computer.
==========================================
Run SAS again.
 
ok ive cleared out all cookies, installed and used the atf cleaner. i did use the atf cleaner then rebooted and used sas again, and it still finds tracking cookies even after i deleted them. dont know whats up with that. the one thing i didnt do was to install the two add ons for firefox. i dont really use it, but if its necessary for this cleaning process, then i will install them. ill be waiting to hear from you.
 
Do this for each of the accounts:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

This is optional:
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
===============================
Would you like to share the rescan of SAS log?
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2011 at 11:02 PM

Application Version : 4.55.1000

Core Rules Database Version : 7369
Trace Rules Database Version: 5181

Scan type : Complete Scan
Total Scan Time : 01:53:26

Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 7894
Registry threats detected : 0
File items scanned : 31908
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@homefinder[2].txt
C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt
 
no matter what i do, im going to get tracking cookies, right? is it better to use firefox? i like ie better, and firefox doesnt let me into some websites i need to go to. i did reset cookies, and change settings for cookies on ie and on firefox. what to do next?
 
i also have 2 other questions for you. i dont know if this has anything to do with viruses or spyware or any of that, but i am unable to update windows. when i try it says they all failed. the icon is constantly there in the taskbar. also, my video quality is very sloooow. or maybe its flash? i dont know. when i try to play a video or play a game, it lags big time. i know it used to work fine, but for the last few months its been awful. sorry i know these have nothing to do with my present problems, but im just wondering if they might?
 
no matter what i do, im going to get tracking cookies, right? is it better to use firefox? i like ie better, and firefox doesnt let me into some websites i need to go to. i did reset cookies, and change settings for cookies on ie and on firefox. what to do next?

No. If you have the Cookies reset properly and have good security, you can stop ALL the Tracking Cookies! These are 3rd Party Cookies- they come from the ads, images, banners. Most site require you to get the site Cookie- this is not the Tracking Cookie>>>> except in instances like the sites Joe is going to. Any Cookies from those types of site are going to leave nasty Cookies on the system!

Cookies are left when you register, input user name and password for a site. This board leaves a Cookie on the system so it will recognize you when you come back. That is a "First Party Cookie."
Site Cookie= 1st Party Cookie

But the site also has advertisements on it- some may be embedded in banners or images. These are 3rd Party Cookies. Most 3rd Party Cookies will track you in some way- where you shop, how often you access a site. But if a site is bad such as porn, sex, fraudulent or no Privacy Statement, then any Cookie it leave should be considered undesirable.

I use Firefox exclusively and have for the last 5 years or so. There have only been a couple of sites over the years that require IE exclusively. I think Firefox is a safer browser than IE. I have AdBlockPlus and Easy List. I do not get any Tracking Cookies. I get 'site cookies' for those sites I visit. They are 1st Party
====================================
About the Windows Updates: IF you have a failed update, new updates won't installed. Please refer to the information here for help: http://support.microsoft.com/kb/822798
====================================
Check the Audio and Video Forum for the video problem.
I doubt is has anything to do with the current problem you had.
======================================
Depending on the age of your son and how much control you want to have on his surfing habits, you might want to look into setting some restrictions for site visited. Open Internet Options in either Tools in IE or in the Control Panel> Select Content tab> Click on Enable for Content Advisor and place the setting you want to block.
Consider blocking these: the account for new shows visits to sites such as:
static.sexsearch.com
.porn.com
.pornhub.com
cc.gameadserve.com
 
i did reset cookies like you told me to, blocking 3rd party cookies. the only sites i go to every day and facebook and a couple others. but sas is still finding what it sees as a threat. my son is 13, so yes, i will be looking into it. my mom has to use ie for unemployment, but i dont really have to use it, im just not used to firefox. ok, so now that we have the cookies thing explained, what to do next? lol. im looking into fixing the video thing through the forum here. i like this site. the computer is running almost 100% better except for the slow video thing which is really annoying me because i do use the computer to watch movies and play a few games. it slows down like 5 minutes into a game or movie so bad that i have to stop it. i did download a graphics driver, but its not helping. grr!
 
hey there bobbye. just checking in, still waiting to hear from you as to what to do next. i thought you had said something before about uninstalling one of the programs you had me install or something like that to get rid of the boot sector virus. or am i finished? lol. just let me know when you get time. thanks! :)
 
Sorry- no notice again.

I'd like you to repeat this scan. If it is still on your desktop, you can use it, but you must update first. Also note, you will do the Full Scan this time.
Please Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
==========================================
Then update and repeat this:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Malware Bytes found 0 Threats but here's the txt from ESET scan. Seems like Java is a culprit once again! rawr!!!

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e Java/TrojanDownloader.OpenStream.NBW trojan
C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 Java/Agent.BB trojan
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266938.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266943.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266944.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266950.dll a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266954.dll a variant of Win32/Toolbar.MyWebSearch.P application
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7092

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 7:47:00 PM
mbam-log-2011-07-12 (19-47-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 344875
Time elapsed: 1 hour(s), 49 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Okay- it appears these may be on the 'Sally' account:

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b 
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e 
    C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
Then do this again also:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
===============================================
The main offender here is the Java/TrojanDownloader.Agent.NCA. It is a trojan which tries to download other malware from the Internet. It is written in Java. It may be invoked when visiting a malicious website by referencing a malicious Java class file within a Java archive file (.JAR).
===============================================
To help prevent this:
1. Be sure only the most current Java version is on the system. Right now that is Java v6u26, Update do not overwrite the old version, so outdated versions need to be removed in Add/Remove Programs.

Additionally, you do not need to add a separate extension for Java in Firefox. And if any versions remain there, they should be removed.

2. Tighten the security: I hope you can read my shorthand below. Your versions of IE and FF may be slightly different so lt me know if you have a question.
For Internet Explorer:
Open Internet Options either through Tools in IE or the Control Panel: Choose the Security tab> Internet> Custom Level> Set as follows:

E= Enable, P= Prompt, D= Disable:
Active X:
Auto Prompt> E
Binary> E
Download signed> E
DL unsigned> P
Init. &script not safe> Disable
Run Active X controls & plug ins> E
Script ActiveX marked safe> E

Download:
Auto prompt> E
File DL> E
Font DL> E

MISC:
Access data across domain> E
Allow META Ref> E
Allow scripting of IE> DISABLE
Allow script init. Windows> E
Allow web page to use... P
Display mix. Cont> P
Don't prompt for cert> E
Drag & drop> E
Init. desktop items> E
Launch programs in IFrame> E
Navigate sub frame> E
Open folder..content> E

SOFTWARE Permission Channel> Low

Font DL> E
Submit non-encrypt> E
Pop-up Blocker> E
User Date perm> E
Web sites in less priv> P

Scripting:
Active> E
Allow paste> E
Script Java> P

User Authentication
Check "Auto-logon with current user name and password."

Click on Apply when finished, then OK.
===========================================
For Firefox:
Tools> Options> Security section> Check Warn me...> Check 'block att sites> Check 'block web sites known as fraudulent.
Warning Messages> Settings> Check 'I am about to view page using low encryption'> Check 'I am about to view a page with encryption that has some unencrypted.'
===========================================
The settings above can be changed to suit your needs of needed.
 
Status
Not open for further replies.
Back