Boot sector virus : mbr:// physicaldrive0

By amb913
Jun 14, 2011
  1. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    It must be my mom or my son going there because I don't use any of those sites. I removed the toolbars, removed programs, set the computer back to no remote access and ran all the programs you told me to run. I will ask my mom and son about sushi or whatever it is. Anything else I need to do? My Avast antivirus scans are only picking up files in a folder called Qoobox. Don't know what that is. Also, I didn't unselect anything from removal from Malwarebytes.
  2. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    I ran Malwarebytes again to see what was up and it found the playsushi thing again and it was unchecked without anyone unchecking it. So it wasn't me or anyone here. lol. I have informed my mom and my son not to download anything, and if they do to make sure to uncheck any extra programs or toolbars that might be included with the download. No one is downloading anything anytime soon though. My computer is running a lot better, not freezing up at all. I don't know if I'm done with the cleaning process though (I doubt it), until I hear from you. Thank you sooo much for taking the time to help me! I'll be waiting to hear from you.
  3. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    I keep forgetting to ask, is it okay to delete the 2 files:
    c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon B
    c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon G

    They show up as the only 2 threats when I scan with Avast.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    When you uninstall Combofix below, it will remove the program and the Qoobox files. Until then, the AV programs usually continue to show the malware entries no matter what the location! It causes a lot of confusion to the users.
    ====================================
    Let's run Superantispyware and see who is using this process. Note: Important that you follow the 'check everything' line:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you're done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
    ===================================
    Leave the log for me in your next reply.
    gamevance.com is the domain of the site where they play sushi. Once we find who is going there, the domain can be blocked in their browser.
  5. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    sas log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/27/2011 at 10:18 PM

    Application Version : 4.54.1000

    Core Rules Database Version : 7340
    Trace Rules Database Version: 5152

    Scan type : Complete Scan
    Total Scan Time : 02:06:31

    Memory items scanned : 502
    Memory threats detected : 0
    Registry items scanned : 8426
    Registry threats detected : 7
    File items scanned : 31733
    File threats detected : 577

    Adware.Gamevance
    HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
    HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
    HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKCR\CLSID\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\gvtl

    Adware.Tracking Cookie
    media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    origin-media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    sftrack.searchforce.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    spe.atdmt.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
    a.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    ads1.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    b.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    cdn.insights.gravity.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    cdn4.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    convoad.technoratimedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    core.insightexpressai.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    ec.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    fastclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    googleads.g.doubleclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    interclick.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    m1.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media-0.phonezoo.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.ebaumsworld.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.mtvnservices.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.resulthost.org [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.scanscout.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.socialvi.be [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media.tattomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media1.break.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    media1.clubpenguin.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    mediastore.verizonwireless.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    memecounter.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    msnbcmedia.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    s0.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    spe.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    speed.pointroll.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    static.sexsearch.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    udn.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    www.crackle.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    www.naiadsystems.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    www.porn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    www.pornhub.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    yo.static.presidiomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
    C:\Documents and Settings\new\Cookies\new@e-2dj6wjkywjcziep.stats.esomniture[2].txt
    C:\Documents and Settings\new\Cookies\new@e-2dj6aekisid5elo.stats.esomniture[1].txt
    C:\Documents and Settings\new\Cookies\new@apmebf[1].txt
    C:\Documents and Settings\new\Cookies\new@cdn1.trafficmp[2].txt
    C:\Documents and Settings\new\Cookies\new@invitemedia[4].txt
    C:\Documents and Settings\new\Cookies\new@ads.cpxadroit[2].txt
    C:\Documents and Settings\new\Cookies\new@collective-media[2].txt
    C:\Documents and Settings\new\Cookies\new@ads.whaleads[2].txt
    C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[1].txt
    C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[2].txt
    C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[4].txt
    C:\Documents and Settings\new\Cookies\new@content.yieldmanager[1].txt
    C:\Documents and Settings\new\Cookies\new@www.burstnet[1].txt
    C:\Documents and Settings\new\Cookies\new@content.yieldmanager[3].txt
    C:\Documents and Settings\new\Cookies\new@content.yieldmanager[2].txt
    C:\Documents and Settings\new\Cookies\new@specificclick[1].txt
    C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[3].txt
    C:\Documents and Settings\new\Cookies\new@pornhub[2].txt
    C:\Documents and Settings\new\Cookies\new@interclick[2].txt
    C:\Documents and Settings\new\Cookies\new@adecn[1].txt
    C:\Documents and Settings\new\Cookies\new@statcounter[1].txt
    C:\Documents and Settings\new\Cookies\new@network.realmedia[1].txt
    C:\Documents and Settings\new\Cookies\new@www.googleadservices[6].txt
    C:\Documents and Settings\new\Cookies\new@media6degrees[1].txt
    C:\Documents and Settings\new\Cookies\new@ads.intergi[1].txt
    C:\Documents and Settings\new\Cookies\new@insightexpressai[3].txt
    C:\Documents and Settings\new\Cookies\new@insightexpressai[1].txt
    C:\Documents and Settings\new\Cookies\new@e-2dj6wnkysjczkco.stats.esomniture[2].txt
    C:\Documents and Settings\new\Cookies\new@a1.interclick[2].txt
    C:\Documents and Settings\new\Cookies\new@a1.interclick[3].txt
    C:\Documents and Settings\new\Cookies\new@abovetracking[2].txt
    C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[1].txt
    C:\Documents and Settings\new\Cookies\new@advertising[2].txt
    C:\Documents and Settings\new\Cookies\new@affiliate.revenueads[2].txt
    C:\Documents and Settings\new\Cookies\new@apmebf[3].txt
    C:\Documents and Settings\new\Cookies\new@azjmp[1].txt
    C:\Documents and Settings\new\Cookies\new@cdn4.specificclick[2].txt
    C:\Documents and Settings\new\Cookies\new@cc.gameadserve[2].txt
    C:\Documents and Settings\new\Cookies\new@content.yieldmanager[4].txt
    C:\Documents and Settings\new\Cookies\new@content.yieldmanager[5].txt
    C:\Documents and Settings\new\Cookies\new@diablomedia[1].txt
    C:\Documents and Settings\new\Cookies\new@doubleclick[1].txt
    C:\Documents and Settings\new\Cookies\new@gr.burstnet[1].txt
    C:\Documents and Settings\new\Cookies\new@insightexpressai[2].txt
    C:\Documents and Settings\new\Cookies\new@invitemedia[2].txt
    C:\Documents and Settings\new\Cookies\new@invitemedia[1].txt
    C:\Documents and Settings\new\Cookies\new@kontera[2].txt
    C:\Documents and Settings\new\Cookies\new@lgelectronics.122.2o7[1].txt
    C:\Documents and Settings\new\Cookies\new@lynxtrack[1].txt
    C:\Documents and Settings\new\Cookies\new@mediastore.verizonwireless[1].txt
    C:\Documents and Settings\new\Cookies\new@oasn04.247realmedia[2].txt
    C:\Documents and Settings\new\Cookies\new@server.cpmstar[2].txt
    C:\Documents and Settings\new\Cookies\new@serving-sys[2].txt
    8tracks.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    adserv.mywebtimes.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    b.ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    msnbcmedia.msn.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    spe.atdmt.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
    C:\Documents and Settings\Sally\Cookies\sally@www.icityfind[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@invitemedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adtechus[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.bridgetrack[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.pubmatic[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@advertising[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@questionmarket[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@adserving.versaneeds[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.clickmanage[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[3].txt
    C:\Documents and Settings\Sally\Cookies\sally@homestore.122.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@pro-market[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adserver.adtechus[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[3].txt
    C:\Documents and Settings\Sally\Cookies\sally@at.atwola[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@track.supercoolprizes[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@tribalfusion[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@media.icims[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adecn[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@yieldmanager[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@ar.atwola[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@media6degrees[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@atdmt[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@casalemedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@yadro[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@advertise[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@hearstmagazines.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@advertise[3].txt
    C:\Documents and Settings\Sally\Cookies\sally@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@serving-sys[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@lfstmedia[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@insightexpressai[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.appprizes[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@trafficmp[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@mediabrandsww[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.addynamix[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.burstbeacon[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@a1.interclick[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[3].txt
    C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www3.webscanoverav.findhere[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.lycos[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@media.adfrontiers[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@yahoogroups.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@zedo[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.pointroll[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@legolas-media[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@overture[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@r1-ads.ace.advertising[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@collective-media[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@mm.chitika[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ad.adperium[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adxpose[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@clicksor[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@fastclick[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@yellowpages.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@doubleclick[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@statse.webtrendslive[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@lucidmedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ad.wsod[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@interclick[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@electronicarts.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adbrite[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@counter.hitslink[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@imrworldwide[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@revsci[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@ru4[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@revsci[3].txt
    C:\Documents and Settings\Sally\Cookies\sally@homefinder[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@myroitracking[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@stats.manticoretechnology[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@countryliving[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@myfloridacounty[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@mediaplex[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@allegis.122.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@statcounter[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@specificclick[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@msnbc.112.2o7[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.find-quick-results[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@apmebf[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@bs.serving-sys[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.burstnet[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@bizzclick[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@pointroll[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@bizzclick[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@traveladvertising[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@tacoda.at.atwola[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.ad4game[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@adinterax[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@cdn1.trafficmp[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@ads.undertone[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@eyewonder[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@rotator.adjuggler[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@perf.overture[1].txt
    .fastclick.net [ C:\Documents and Settings\Sally\Local
  6. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    sas log continued...


    PUP.Whitesmoke
    HKLM\SOFTWARE\whitesmoketoolbar
    HKLM\SOFTWARE\whitesmoketoolbar#ieInstallPath

    Trojan.Agent/Gen-Kazy[Ico]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP778\A0289080.EXE

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP788\A0290607.DLL
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay- I hope you remembered to put in the check to remove found items!

    The 2 entries showing in System Volume are restore points. They are not active in the system. I will have you drop all of the old restore points and set a new clean one when the system is clean.
    =====================================
    Each of the following user accounts needs to have the Cookies reset:
    Sally
    jackie
    Ann


    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =======================================
    Someone came along and used the system and set their account up with the name new (c:\documents and settings\new\application data\Mozilla\extensions\). They put an extension on Firefox for gamevance, and most likely will be the user who is responsible for not removing it in Mbam. It appears that an extension to play sushi has been added to Firefox.

    I am a bit confused by your comment:
    Someone with access to the computer set up this account- how good a detective are you?

    Each user has their own SID. This is the Security Identifier. The SID for the "new user" is:
    S-1-5-21-1390067357-602609370-682003330-1005
    All the malware found in Mbam that is identified by name is the 'new user': c:\documents and settings\new\application data\.

    The format of an SID can be illustrated as follows:
    S-1-5-21-1390067357-602609370-682003330-1005
    S = The string is a SID
    1 = The revision level (the version of the SID specification)
    5 = The identifier authority value
    21-1390067357-602609370-682003330 = domain or local computer identifier
    1005 = a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.

    All of the trash that was found was on the account named new and it is that user who must have unchecked the removal of Play Sushi in Mbam.

    So if you're up to it, you or the Administrator need to find out who user new is and delete the account. Possibly after that has been done we can finish removing the malware. There is also the possibility that the system has been hacked.
  8. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    when i go into user accounts, there is no "new" or jackie. jackie was a roommate a long time ago, and her account was deleted a year ago i think. the only users that show up are ann, sally and nick (my son). i dont see how jackie could still be showing up, or where the "new" user account came from but i cant access either one of them, because they arent visible in user accounts.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    If account Jackie was deleted a year ago and Cookies for that account are still on the system, then it appears that the system hasn't been maintained for deleting temporary internet files, Cookies, Disc cleanup, Error Check and Defrag. If it had, the entries for the old accounts wouldn't be showing.

    I'm going to tell you what I see and you can decide what, if anything, to do about them. I do recommend though that each account resets the Cookies.

    Tracking Cookies and other Cookies: There are accounts for the following:
    Ann
    Administrator
    jackie
    Guest
    LocalService
    NetworkService
    Sally
    new

    The account for new shows visits to sites such as:
    static.sexsearch.com
    .porn.com
    .pornhub.com
    cc.gameadserve.com

    I don't see any entries for an account named Nick. That could mean one of 2 things: 1. He is maintaining his account well and not accumulating temporary internet files and Cookies. 2. Nick is working under an account that isn't named Nick. I do not have any further information on that.
    ===========================================
    Since you had SuperantiSpyware remove all the entries it found and hopefully you reset the Cookies on the accounts, it might be informative to run SAS again and see if anything is found.
  10. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    here is what i think happened. my son may have created the NEW user account and then deleted it without also deleting the files and folders for that user. same thing with jackies account. the account was deleted, but whoever deleted it opted to keep the files and folders. does that make sense? also, what i meant when i said " it wasnt anyone here..." was that when i ran malware bytes again, and looked at the files it found, playsushi was in there but it was automatically unchecked as to not delete those files, without me unchecking it. i am in the process of resetting cookies for each user account, and am going to run sas again. i ran a search of my c drive for docs & settings/jackie and for new and found a bunch of stuff for both. should i delete the files for those users since they are no longer active?
  11. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    one thing i just noticed while signing onto nicks user acct. all the files on his user acct ( pics, txt files, etc) are the same as the NEW user files i found in the search of my c drive... im so confused! apparently nick and new are the same user? ugh i dont know. im running the sas scan now and it is still finding files for gamevance in the registry.
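The SID breakdown in post 7 and the question in posts 8 to 11 of why profile folders exist for accounts that User Accounts does not show can be worked through together. The following is an added example, not part of the thread: it parses the SID quoted above, shows its binary layout, and compares a profile-folder list against live accounts. The function names are hypothetical, and every RID except 1005 and the whole account mapping are constructed sample data.

```python
import ntpath
import re
import struct
from typing import NamedTuple

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)*)$", re.IGNORECASE)
# Well-known identities; the thread's log lists profiles for several of them.
WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                   "S-1-5-20": "NetworkService"}
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}


class Sid(NamedTuple):
    revision: int
    authority: int
    subs: tuple

    def __str__(self):
        return "-".join(["S", str(self.revision), str(self.authority),
                         *map(str, self.subs)])

    @property
    def is_account_sid(self):
        # Shape S-1-5-21-<three machine or domain values>-<RID>
        return self.authority == 5 and len(self.subs) == 5 and self.subs[0] == 21

    @property
    def issuer(self):
        # Shared by every account created on the same machine or domain
        return "-".join(map(str, self.subs[:4])) if self.is_account_sid else None

    @property
    def rid(self):
        return self.subs[4] if self.is_account_sid else None


def parse_sid(text):
    m = SID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = tuple(int(p) for p in m.group(3).split("-")[1:])
    if (revision > 255 or authority >= 1 << 48 or len(subs) > 15
            or any(s > 0xFFFFFFFF for s in subs)):
        raise ValueError(f"SID field out of range: {text!r}")
    return Sid(revision, authority, subs)


def sid_to_bytes(sid):
    """Binary form: revision, sub-authority count, 48-bit big-endian
    authority, then each sub-authority as a little-endian 32-bit value."""
    return (struct.pack("BB", sid.revision, len(sid.subs))
            + sid.authority.to_bytes(6, "big")
            + struct.pack(f"<{len(sid.subs)}I", *sid.subs))


def sid_from_bytes(raw):
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized binary SID")
    return Sid(raw[0], int.from_bytes(raw[2:8], "big"),
               struct.unpack(f"<{raw[1]}I", raw[8:]))


def classify(sid):
    if str(sid) in WELL_KNOWN_SIDS:
        return "well-known"
    if sid.is_account_sid:
        # RIDs of 1000 and above belong to accounts not created by default
        return "default" if sid.rid < 1000 else "created"
    return "other"


def name_hint(sid):
    return WELL_KNOWN_SIDS.get(str(sid)) or WELL_KNOWN_RIDS.get(sid.rid)


def review_profiles(profile_list, live_accounts):
    """profile_list: SID string -> profile folder; live_accounts: SID string
    -> current account name. Reports user-created SIDs that have a profile
    but no account, or whose folder name differs from the account name."""
    findings = []
    for sid_text, folder in sorted(profile_list.items()):
        sid = parse_sid(sid_text)
        if classify(sid) != "created":
            continue
        name = live_accounts.get(str(sid))
        if name is None:
            findings.append((str(sid), folder, "no matching account"))
        elif ntpath.basename(folder).lower() != name.lower():
            findings.append((str(sid), folder, f"account is now named {name!r}"))
    return findings


NEW_USER_SID = "S-1-5-21-1390067357-602609370-682003330-1005"  # quoted in the thread
PREFIX = NEW_USER_SID.rsplit("-", 1)[0]
# Constructed sample data, chosen to exercise both outcomes; it is not a
# finding about the machine in the thread.
PROFILE_LIST = {
    "S-1-5-19": r"C:\Documents and Settings\LocalService",
    "S-1-5-20": r"C:\Documents and Settings\NetworkService",
    PREFIX + "-500": r"C:\Documents and Settings\Administrator",
    PREFIX + "-1003": r"C:\Documents and Settings\jackie",
    PREFIX + "-1004": r"C:\Documents and Settings\Sally",
    NEW_USER_SID: r"C:\Documents and Settings\new",
}
LIVE_ACCOUNTS = {PREFIX + "-500": "Administrator", PREFIX + "-1004": "Sally",
                 NEW_USER_SID: "nick"}

if __name__ == "__main__":
    for finding in review_profiles(PROFILE_LIST, LIVE_ACCOUNTS):
        print(*finding, sep="  |  ")
```

On a real system the SID-to-folder pairs come from the ProfileList key under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. A folder name that differs from the account name is what a renamed account looks like, because renaming an account does not rename its profile folder.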
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I gave you the information I saw from the log:
    It would seem that #2 would be the most logical. Everything in SAS should be checked for removal- no matter whose account it's on. After doing that, I suggest you reboot first, then run the following:

    Please download ATF Cleaner by Atribune

    • [1] Double-click ATF-Cleaner.exe to run the program.
      [2] Under Main choose: Select All
      [3] Click the Empty Selected button.

      If you use Firefox browser
      [1] Click Firefox at the top and choose: Select All
      [2] Click the Empty Selected button.
      [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      If you use Opera browser
      [1] Click Opera at the top and choose: Select All
      [2] Click the Empty Selected button.
      [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      Click Exit on the Main menu to close the program.

    ==========================================
    Reboot the computer.
    ==========================================
    Run SAS again.
  13. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    ok ive cleared out all cookies, installed and used the atf cleaner. i did use the atf cleaner then rebooted and used sas again, and it still finds tracking cookies even after i deleted them. dont know whats up with that. the one thing i didnt do was to install the two add ons for firefox. i dont really use it, but if its necessary for this cleaning process, then i will install them. ill be waiting to hear from you.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Do this for each of the accounts:

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    This is optional:
    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ===============================
    Would you like to share the rescan of SAS log?
  15. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/03/2011 at 11:02 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7369
    Trace Rules Database Version: 5181

    Scan type : Complete Scan
    Total Scan Time : 01:53:26

    Memory items scanned : 476
    Memory threats detected : 0
    Registry items scanned : 7894
    Registry threats detected : 0
    File items scanned : 31908
    File threats detected : 7

    Adware.Tracking Cookie
    C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@homefinder[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[2].txt
    C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
    C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt
  16. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    no matter what i do, im going to get tracking cookies, right? is it better to use firefox? i like ie better, and firefox doesnt let me into some websites i need to go to. i did reset cookies, and change settings for cookies on ie and on firefox. what to do next?
  17. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    i also have 2 other questions for you. i dont know if this has anything to do with viruses or spyware or any of that, but i am unable to update windows. when i try it says they all failed. the icon is constantly there in the taskbar. also, my video quality is very sloooow. or maybe its flash? i dont know. when i try to play a video or play a game, it lags big time. i know it used to work fine, but for the last few months its been awful. sorry i know these have nothing to do with my present problems, but im just wondering if they might?
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No. If you have the Cookies reset properly and have good security, you can stop ALL the Tracking Cookies! These are 3rd Party Cookies- they come from the ads, images, banners. Most sites require you to get the site Cookie- this is not the Tracking Cookie>>>> except in instances like the sites Joe is going to. Any Cookies from those types of sites are going to leave nasty Cookies on the system!

    Cookies are left when you register, input user name and password for a site. This board leaves a Cookie on the system so it will recognize you when you come back. That is a "First Party Cookie."
    Site Cookie= 1st Party Cookie

    But the site also has advertisements on it- some may be embedded in banners or images. These are 3rd Party Cookies. Most 3rd Party Cookies will track you in some way- where you shop, how often you access a site. But if a site is bad such as porn, sex, fraudulent or no Privacy Statement, then any Cookie it leaves should be considered undesirable.

    I use Firefox exclusively and have for the last 5 years or so. There have only been a couple of sites over the years that require IE exclusively. I think Firefox is a safer browser than IE. I have AdBlockPlus and Easy List. I do not get any Tracking Cookies. I get 'site cookies' for those sites I visit. They are 1st Party.
    ====================================
    About the Windows Updates: IF you have a failed update, new updates won't install. Please refer to the information here for help: http://support.microsoft.com/kb/822798
    ====================================
    Check the Audio and Video Forum for the video problem.
    I doubt it has anything to do with the current problem you had.
    ======================================
    Depending on the age of your son and how much control you want to have on his surfing habits, you might want to look into setting some restrictions for sites visited. Open Internet Options in either Tools in IE or in the Control Panel> Select Content tab> Click on Enable for Content Advisor and place the setting you want to block.
    Consider blocking these: the account for new shows visits to sites such as:
    static.sexsearch.com
    .porn.com
    .pornhub.com
    cc.gameadserve.com
     
  19. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    i did reset cookies like you told me to, blocking 3rd party cookies. the only sites i go to every day are facebook and a couple others. but sas is still finding what it sees as a threat. my son is 13, so yes, i will be looking into it. my mom has to use ie for unemployment, but i dont really have to use it, im just not used to firefox. ok, so now that we have the cookies thing explained, what to do next? lol. im looking into fixing the video thing through the forum here. i like this site. the computer is running almost 100% better except for the slow video thing which is really annoying me because i do use the computer to watch movies and play a few games. it slows down like 5 minutes into a game or movie so bad that i have to stop it. i did download a graphics driver, but its not helping. grr!
  20. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    hey there bobbye. just checking in, still waiting to hear from you as to what to do next. i thought you had said something before about uninstalling one of the programs you had me install or something like that to get rid of the boot sector virus. or am i finished? lol. just let me know when you get time. thanks! :)
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry- no notice again.

    I'd like you to repeat this scan. If it is still on your desktop, you can use it, but you must update first. Also note, you will do the Full Scan this time.
    Please Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==========================================
    Then update and repeat this:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  22. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    Malware Bytes found 0 Threats but here's the txt from ESET scan. Seems like Java is a culprit once again! rawr!!!

    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 Java/TrojanDownloader.OpenStream.NCA trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e Java/TrojanDownloader.OpenStream.NBW trojan
    C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 Java/Agent.BB trojan
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266938.dll a variant of Win32/Toolbar.MyWebSearch.A application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266943.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266944.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266950.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266954.dll a variant of Win32/Toolbar.MyWebSearch.P application
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Where is the Malwarebytes log?
  24. amb913

    amb913 Newcomer, in training Topic Starter Posts: 47

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7092

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/12/2011 7:47:00 PM
    mbam-log-2011-07-12 (19-47-00).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 344875
    Time elapsed: 1 hour(s), 49 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay- it appears these may be on the 'Sally' account:

    Please download OTMoveIt3 by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e 
      C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    Then do this again also:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===============================================
    The main offender here is the Java/TrojanDownloader.Agent.NCA. It is a trojan which tries to download other malware from the Internet. It is written in Java. It may be invoked when visiting a malicious website by referencing a malicious Java class file within a Java archive file (.JAR).
    ===============================================
    To help prevent this:
    1. Be sure only the most current Java version is on the system. Right now that is Java v6u26. Updates do not overwrite the old version, so outdated versions need to be removed in Add/Remove Programs.

    Additionally, you do not need to add a separate extension for Java in Firefox. And if any versions remain there, they should be removed.

    2. Tighten the security: I hope you can read my shorthand below. Your versions of IE and FF may be slightly different so let me know if you have a question.
    For Internet Explorer:
    Open Internet Options either through Tools in IE or the Control Panel: Choose the Security tab> Internet> Custom Level> Set as follows:

    E= Enable, P= Prompt, D= Disable:
    Active X:
    Auto Prompt> E
    Binary> E
    Download signed> E
    DL unsigned> P
    Init. &script not safe> Disable
    Run Active X controls & plug ins> E
    Script ActiveX marked safe> E

    Download:
    Auto prompt> E
    File DL> E
    Font DL> E

    MISC:
    Access data across domain> E
    Allow META Ref> E
    Allow scripting of IE> DISABLE
    Allow script init. Windows> E
    Allow web page to use... P
    Display mix. Cont> P
    Don't prompt for cert> E
    Drag & drop> E
    Init. desktop items> E
    Launch programs in IFrame> E
    Navigate sub frame> E
    Open folder..content> E

    SOFTWARE Permission Channel> Low

    Font DL> E
    Submit non-encrypt> E
    Pop-up Blocker> E
    User Date perm> E
    Web sites in less priv> P

    Scripting:
    Active> E
    Allow paste> E
    Script Java> P

    User Authentication
    Check "Auto-logon with current user name and password."

    Click on Apply when finished, then OK.
    ===========================================
    For Firefox:
    Tools> Options> Security section> Check Warn me...> Check 'block attack sites'> Check 'block web sites known as fraudulent'.
    Warning Messages> Settings> Check 'I am about to view page using low encryption'> Check 'I am about to view a page with encryption that has some unencrypted.'
    ===========================================
    The settings above can be changed to suit your needs if needed.
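
A triage pass over the ESET export posted in this thread, added here as an example and not part of any post: it splits each log line into path and verdict, then groups detections by where the file sits (a profile's Java plug-in cache or a System Restore point) and by ESET's own label (trojan, application). The function names and the rule for finding the end of the path are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the ESET export posted in this thread.
ESET_LOG = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-16e7e569 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\c255e4c-7d5f514b multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\7b09de1e-3a849c7e Java/TrojanDownloader.OpenStream.NBW trojan
C:\Documents and Settings\Sally\Application Data\Sun\Java\Deployment\cache\6.0\62\4bd616be-1a785ef6 Java/Agent.BB trojan
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266938.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266943.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266944.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266950.dll a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP768\A0266954.dll a variant of Win32/Toolbar.MyWebSearch.P application
"""

# Assumption: the file name (last path component) has no spaces, so the first
# whitespace after the final backslash separates the path from the verdict.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*\\[^\\\s]+)\s+(?P<verdict>.+)$")
VERDICT_RE = re.compile(
    r"^(?:(?P<qualifier>(?:probably )?a variant of)\s+)?"
    r"(?P<name>\S+/\S+)\s+(?P<kind>trojan|application)$")
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)

def classify_location(path):
    """Name the on-disk area a flagged file sits in."""
    low = path.lower()
    if "\\system volume information\\_restore{" in low:
        return "system-restore"      # copy kept inside an XP restore point
    if "\\sun\\java\\deployment\\cache\\" in low:
        return "java-cache"          # Java plug-in download cache
    return "other"

def parse_eset_log(text):
    """Split each log line into path, location, profile and verdict fields."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                 # blank or unrecognised line
        path, verdict = m.group("path"), m.group("verdict")
        v = VERDICT_RE.match(verdict)
        profile = PROFILE_RE.search(path)
        findings.append({
            "path": path,
            "location": classify_location(path),
            "profile": profile.group(1) if profile else None,
            "qualifier": v.group("qualifier") if v else None,
            "name": v.group("name") if v else None,  # None: "multiple threats"
            "kind": v.group("kind") if v else verdict,
        })
    return findings

def summarize(findings):
    """Count findings per (location, kind) pair."""
    return Counter((f["location"], f["kind"]) for f in findings)
```

Calling `summarize(parse_eset_log(ESET_LOG))` gives the per-location counts, and the `profile` field shows which account's Java cache each entry belongs to.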