also @ TechSpot: Intel says Haswell will improve battery life by 50 percent

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Boot sector virus : mbr:// physicaldrive0

Discussion in 'Virus and Malware Removal' started by amb913, Jun 14, 2011.

Page 2 of 3

Bobbye Helper on the Fringe Posts: 16,406 +16

Don't worry about it. We'll run another scan later. Please continue with my directions.

Bobbye, Jun 22, 2011

#21
amb913 Newcomer, in training Posts: 47

i made the txt file and dragged it into combo fix, then ran the combo fix and it restarted my computer. it was making a log but my avast anti virus restarted when combofix restarted my comp. avast wanted to open combo fix in a sandbox. i clicked ok, but then the computer froze while combofix was preparing the log so i had to restart it. ugh. so, should i copy the script into a txt file again and run it again? im not doing anything else until i hear from you, i dont want to mess things up if they arent already messed up. also, should i disable my avast anti virus from start up so that this doesnt happen again when i run combofix next time since im not supposed to run any programs or anti virus while combofix is running?

amb913, Jun 22, 2011

#22
amb913 Newcomer, in training Posts: 47

new combofix log

ComboFix 11-06-22.02 - Ann 06/22/2011 22:04:34.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.1125 [GMT -5:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\new\locals~1\temp\u\1285210895\ntportio.sys"
"c:\documents and settings\Sally\Local Settings\Application Data\BIT7.tmp"
"c:\program files\LimeWire\LimeWire.exe"
"c:\program files\viewpoint\common\viewpointservice.exe"
"c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\dtx.ini
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\guid.dat
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\setupCfg.xml
c:\documents and settings\new\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\new\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\new\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\new\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\new\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\new\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\new\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\new\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\new\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\new\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\new\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\new\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\new\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\new\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\new\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\new\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\new\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\new\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\new\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\new\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\new\Application Data\alot\configurator\configurator.xml
c:\documents and settings\new\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\new\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\new\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\new\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\new\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\new\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\new\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\new\Application Data\alot\products\products.xml
c:\documents and settings\new\Application Data\alot\products\products.xml.backup
c:\documents and settings\new\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\new\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\new\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\new\Application Data\alot\Resources\Button_2\images\default_1108_alot_games_search.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_2\images\default_1108_alot_games_search.png
c:\documents and settings\new\Application Data\alot\Resources\Button_3\images\default_1377_default_1174_alot_gam_gamenews.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_3\images\default_1377_default_1174_alot_gam_gamenews.png
c:\documents and settings\new\Application Data\alot\Resources\Button_4\images\default_1200_alot_gam_vidgamenews.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_4\images\default_1200_alot_gam_vidgamenews.png
c:\documents and settings\new\Application Data\alot\Resources\Button_5\images\default_1580_www.gamespot.com_button.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_5\images\default_1580_www.gamespot.com_button.png
c:\documents and settings\new\Application Data\alot\Resources\Button_6\images\default_1581_alot_mrkt_amazon.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_6\images\default_1581_alot_mrkt_amazon.png
c:\documents and settings\new\Application Data\alot\Resources\Button_7\images\default_1602_alot_mrkt_livinghealthy.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_7\images\default_1602_alot_mrkt_livinghealthy.png
c:\documents and settings\new\Application Data\alot\Resources\Button_8\images\default_1041_default_1045_alot_mrkt_readersdigest.bmp
c:\documents and settings\new\Application Data\alot\Resources\Button_8\images\default_1041_default_1045_alot_mrkt_readersdigest.png
c:\documents and settings\new\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\new\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\new\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\new\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\new\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\new\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\new\Application Data\alot\toolbar.xml
c:\documents and settings\new\Application Data\alot\toolbar.xml.backup
c:\documents and settings\new\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\new\Application Data\alot\Updater\Updater.xml
c:\documents and settings\new\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Sally\Local Settings\Application Data\BIT7.tmp
c:\found.000\file0000.chk
c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\mbr0000\object.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\object.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0010.ini
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0011.dta
c:\tdsskiller_quarantine\20.06.2011_15.17.47\boot0000\tdlfs0000\tsk0011.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_ntportio
-------\Service_Viewpoint Manager Service
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-21 15:14 . 2011-06-21 15:16 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Roblox
2011-06-20 23:19 . 2011-06-20 23:19 -------- d-----w- c:\program files\ESET
2011-06-20 01:10 . 2011-06-20 01:10 -------- d-----w- c:\documents and settings\Ann\Application Data\InstallShield
2011-06-19 23:40 . 2011-06-19 23:47 -------- d-----w- c:\documents and settings\Ann\Application Data\FixCleaner
2011-06-17 08:23 . 2011-06-17 08:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-06-16 19:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 21:02 . 2011-06-14 21:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-14 20:31 . 2011-06-14 20:31 -------- d-----w- c:\documents and settings\Ann\Application Data\Malwarebytes
2011-06-14 20:31 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-14 20:31 . 2011-06-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-14 20:31 . 2011-06-14 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-14 20:31 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-14 06:03 . 2011-06-14 06:03 -------- d-----w- c:\documents and settings\Ann\Application Data\vmntemplate
2011-06-12 22:33 . 2011-06-12 22:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-06-05 20:43 . 2011-06-05 20:44 -------- d-----w- c:\documents and settings\Sally\Local Settings\Application Data\Roblox
2011-05-30 22:53 . 2011-05-30 22:53 -------- d-----w- c:\documents and settings\Sally\Application Data\vmntemplate
2011-05-30 22:53 . 2011-06-07 13:14 -------- d-----w- c:\documents and settings\Sally\Application Data\whitesmoketoolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 03:15 . 2011-05-15 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 21:51 . 2011-05-10 21:51 388096 ----a-r- c:\documents and settings\Sally\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-10 12:10 . 2011-05-11 02:22 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-05-11 02:22 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-11 02:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-05-11 02:22 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-05-11 02:22 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-05-11 02:22 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-05-11 02:22 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-05-11 02:22 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-05-11 02:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-05-11 02:22 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2008-10-13 18:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-01 05:30 . 2011-05-01 05:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-05 16:03 . 2009-01-25 21:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-05 16:03 . 2009-01-25 21:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-21 05:45 . 2011-06-21 05:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Ann\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
.
c:\documents and settings\new\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
SanDisk Media Manager.lnk - [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 14:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"NBService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\Hpqdirec.exe"=
"c:\\Documents and Settings\\Sally\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Ann\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"7302:TCP"= 7302:TCP:spport
"7933:TCP"= 7933:TCP:spport
"25185:TCP"= 25185:TCP:spport
"12709:TCP"= 12709:TCP:spport
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 9:22 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2011 9:22 PM 307928]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2011 9:22 PM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/14/2011 3:31 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/14/2011 3:31 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 9:50 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 9:50 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/14/2011 3:31 PM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2010-04-17 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4238034746.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 02:49]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 02:49]
.
2011-06-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-06-17 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-602609370-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-602609370-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-602609370-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-602609370-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-602609370-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-602609370-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-602609370-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-602609370-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{F40D76E2-EDB6-4822-942F-381290BAA316}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 24.217.0.5 24.217.201.67 68.113.206.10
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\6biwtmo5.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-22 22:42:01
ComboFix-quarantined-files.txt 2011-06-23 03:41
ComboFix2.txt 2011-06-20 23:08
.
Pre-Run: 73,764,737,024 bytes free
Post-Run: 73,802,522,624 bytes free
.
- - End Of File - - CEF555C07022D181831867323D8E61FF

amb913, Jun 23, 2011

#23
amb913 Newcomer, in training Posts: 47

otm log

All processes killed
========== FILES ==========
File/Folder c:\documents and settings\ann\application data\whitesmoketoolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 42276 bytes

User: All Users

User: Ann
->Temp folder emptied: 10434215 bytes
->Temporary Internet Files folder emptied: 12627995 bytes
->Java cache emptied: 15088 bytes
->FireFox cache emptied: 94403238 bytes
->Google Chrome cache emptied: 7814998 bytes
->Flash cache emptied: 139448 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: jackie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 10926993 bytes
->Flash cache emptied: 7330 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 8454278 bytes
->Flash cache emptied: 43607 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 84618 bytes
->Flash cache emptied: 106158 bytes

User: new
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5243058 bytes
->Java cache emptied: 43629546 bytes
->FireFox cache emptied: 49783626 bytes
->Flash cache emptied: 149155 bytes

User: Sally
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 248356617 bytes
->FireFox cache emptied: 81315229 bytes
->Google Chrome cache emptied: 17632275 bytes
->Flash cache emptied: 46622 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52419 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 569.00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 06222011_235049

amb913, Jun 23, 2011

#24
Bobbye Helper on the Fringe Posts: 16,406 +16

I need to clarify this. You are collecting malware between play sushi and gamvance.com Mbam found the following entries:

c:\documents and settings\new\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\new\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\new\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Not selected for removal.

But it appears that you unchecked them so as not to remove the entries.

But on the other hand, Mbam did remove all entries for the following:

c:\documents and settings\new\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Now it seems to me that it's useless to keep removing adware/spyware from gamevance if you go there to play sushi!

Bobbye, Jun 25, 2011

#25

amb913 Newcomer, in training Posts: 47

it must be my mom or my son going there because i dont use any of those sites. i removed the toolbars, removed programs, set the computer back to no remote access and ran all the programs you told me to run. i will ask my mom and son about sushi or whatever it is. anything else i need to do? my avast anti virus scans are only picking up files in a folder called Qoobox. dont know what that is. also, i didnt unselect anything from removal from malware bytes.

amb913, Jun 25, 2011

#26

amb913 Newcomer, in training Posts: 47

i ran malwarebytes again to see what was up and it found the playsushi thing again and it was unchecked without anyone unchecking it. so it wasnt me or anyone here. lol. i have informed my mom and my son not to download anything, and if they do to make sure to uncheck any extra programs or toolbars that might be included with the download. no one is downloading anything anytime soon though. my computer is running alot better, not freezing up at all. i dont know if im done with the cleaning process though ( i doubt it ), until i hear from you. thank you sooo much for taking the time to help me! ill be waiting to hear from you.

amb913, Jun 26, 2011

#27
amb913 Newcomer, in training Posts: 47

i keep forgetting to ask, is it okay to delete the 2 files :
c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon B
c:\q00box\quarantine\c\...\tsk0000.dta.vir MBR:Alureon G

they show up as the only 2 threats when i scan with avast.

amb913, Jun 27, 2011

#28
Bobbye Helper on the Fringe Posts: 16,406 +16
When you uninstall Combofix below, it will remove the program and the Qoobox files. Until then, the AV programs usually continue to show the malware entries no matter what the location! It causes a lot of confusion to the users.
====================================
Let's run Superantispyware and see who is using this process. Note: Important that you follow the 'check everything' line:

SuperAntiSpyware Home Edition Free Version

Please download SuperAntiSpyware from HERE

Launch SuperAntiSpyware and click on 'Check for updates'.

Wait for the updates to be installed

On the main screen click on 'Scan your computer'.

Check: 'Perform Complete Scan then Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.

Make sure everything found has a checkmark next to it, then press 'Next'.

Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

Click on 'Preferences'.

Click on the 'Statistics/Logs' tab.

Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
===================================
Leave the log for me in your next reply.
gamevance.com is the domain of the site where they play sushi. Once we find who is going there, the domain can be blocked in their browser.
Bobbye, Jun 27, 2011

#29
amb913 Newcomer, in training Posts: 47

sas log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2011 at 10:18 PM

Application Version : 4.54.1000

Core Rules Database Version : 7340
Trace Rules Database Version: 5152

Scan type : Complete Scan
Total Scan Time : 02:06:31

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 8426
Registry threats detected : 7
File items scanned : 31733
File threats detected : 577

Adware.Gamevance
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370F91F-6994-4595-9949-601FA2261C8D}
HKCR\CLSID\{7370F91F-6994-4595-9949-601FA2261C8D}
HKU\S-1-5-21-1390067357-602609370-682003330-1005\Software\gvtl

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@pro-market[1].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[3].txt
C:\Documents and Settings\Ann\Cookies\ann@indieclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tacoda.at.atwola[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Ann\Cookies\ann@pointroll[3].txt
C:\Documents and Settings\Ann\Cookies\ann@velmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pubmatic[1].txt
C:\Documents and Settings\Ann\Cookies\ann@optimize.indieclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@segment-pixel.invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@serving-sys[1].txt
C:\Documents and Settings\Ann\Cookies\ann@2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[1].txt
C:\Documents and Settings\Ann\Cookies\ann@apmebf[1].txt
C:\Documents and Settings\Ann\Cookies\ann@friendquestions[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adtechus[2].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.foodbuzz[1].txt
C:\Documents and Settings\Ann\Cookies\ann@technoratimedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@insightexpressai[2].txt
C:\Documents and Settings\Ann\Cookies\ann@legolas-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@lucidmedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@fastclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@myfloridacounty[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.bridgetrack[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[4].txt
C:\Documents and Settings\Ann\Cookies\ann@yadro[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adinterax[1].txt
C:\Documents and Settings\Ann\Cookies\ann@eset.122.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media.adfrontiers[1].txt
C:\Documents and Settings\Ann\Cookies\ann@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad1.adtitan[2].txt
C:\Documents and Settings\Ann\Cookies\ann@statcounter[2].txt
C:\Documents and Settings\Ann\Cookies\ann@www.trackimizer[1].txt
C:\Documents and Settings\Ann\Cookies\ann@questionmarket[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserv.mywebtimes[1].txt
C:\Documents and Settings\Ann\Cookies\ann@yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.googleadservices[2].txt
C:\Documents and Settings\Ann\Cookies\ann@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Ann\Cookies\ann@a1.interclick[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[5].txt
C:\Documents and Settings\Ann\Cookies\ann@adbrite[1].txt
C:\Documents and Settings\Ann\Cookies\ann@s.clickability[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertising[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adreactor[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.ad4game[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adxpose[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.belointeractive[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.velmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@specificclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@adserving.versaneeds[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediabrandsww[2].txt
C:\Documents and Settings\Ann\Cookies\ann@hpi.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[2].txt
C:\Documents and Settings\Ann\Cookies\ann@zedo[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[3].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[2].txt
C:\Documents and Settings\Ann\Cookies\ann@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ar.atwola[2].txt
C:\Documents and Settings\Ann\Cookies\ann@surveyfindweb[2].txt
C:\Documents and Settings\Ann\Cookies\ann@in.getclicky[1].txt
C:\Documents and Settings\Ann\Cookies\ann@at.atwola[3].txt
C:\Documents and Settings\Ann\Cookies\ann@rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@redorbit[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.zanox[1].txt
C:\Documents and Settings\Ann\Cookies\ann@kontera[1].txt
C:\Documents and Settings\Ann\Cookies\ann@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ru4[2].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[4].txt
C:\Documents and Settings\Ann\Cookies\ann@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[7].txt
C:\Documents and Settings\Ann\Cookies\ann@adultfriendfinder[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mm.chitika[1].txt
C:\Documents and Settings\Ann\Cookies\ann@bs.serving-sys[2].txt
C:\Documents and Settings\Ann\Cookies\ann@supremeadserver[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.cinejam[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.adperium[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@steelhousemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
a.ads2.msads.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
adbureau.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
ads2.msads.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
cdn4.specificclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
convoad.technoratimedia.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
core.insightexpressai.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
crackle.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
ia.media-imdb.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
interclick.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
m1.2mdn.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media-0.phonezoo.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media-macys.pictela.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.ebaumsworld.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.jambocast.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.mtvnservices.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.resulthost.org [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.scanscout.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.tattomedia.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media.theonion.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media01.kyte.tv [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media1.break.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
media1.clubpenguin.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
mediaplex.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
objects.tremormedia.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
s0.2mdn.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
udn.specificclick.net [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
www.ttylmedia.info [ C:\Documents and Settings\Ann\Application Data\Macromedia\Flash Player\#SharedObjects\V4G3THDG ]
C:\Documents and Settings\Ann\Cookies\ann@web4.realtracker[1].txt
C:\Documents and Settings\Ann\Cookies\ann@specificmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@adserver.adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertise[2].txt
C:\Documents and Settings\Ann\Cookies\ann@at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.burstbeacon[1].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[2].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@cdn4.specificclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[3].txt
C:\Documents and Settings\Ann\Cookies\ann@www.googleadservices[1].txt
C:\Documents and Settings\Ann\Cookies\ann@www.tracklead[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tacoda.at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@a1.interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[1].txt
C:\Documents and Settings\Ann\Cookies\ann@atwola[1].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[4].txt
C:\Documents and Settings\Ann\Cookies\ann@content.yieldmanager[5].txt
C:\Documents and Settings\Ann\Cookies\ann@counter.surfcounters[1].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@emediatrack[2].txt
C:\Documents and Settings\Ann\Cookies\ann@eyewonder[2].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\ann@insightexpressai[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@mediaplex[1].txt
C:\Documents and Settings\Ann\Cookies\ann@pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ru4[1].txt
C:\Documents and Settings\Ann\Cookies\ann@segment-pixel.invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@serving-sys[2].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[3].txt
C:\Documents and Settings\Ann\Cookies\ann@www.find-quick-results[1].txt
C:\Documents and Settings\Ann\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\Ann\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@advertise[2].txt
C:\Documents and Settings\Ann\Cookies\system@ads.bighealthtree[1].txt
C:\Documents and Settings\Ann\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\system@2o7[1].txt
C:\Documents and Settings\Ann\Cookies\system@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\system@advertise[1].txt
C:\Documents and Settings\Ann\Cookies\system@ru4[2].txt
C:\Documents and Settings\Ann\Cookies\system@ru4[1].txt
C:\Documents and Settings\Ann\Cookies\system@adbrite[2].txt
C:\Documents and Settings\Ann\Cookies\system@adbrite[1].txt
C:\Documents and Settings\Ann\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.financialcontent[1].txt
C:\Documents and Settings\Ann\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\Ann\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pubmatic[1].txt
C:\Documents and Settings\Ann\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\Ann\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\system@realmedia[3].txt
C:\Documents and Settings\Ann\Cookies\system@realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\Ann\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\system@search.321findit[1].txt
C:\Documents and Settings\Ann\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\Ann\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\Ann\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\Ann\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\Ann\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\Ann\Cookies\system@revsci[2].txt
C:\Documents and Settings\Ann\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\system@search.amazeclick[1].txt
C:\Documents and Settings\Ann\Cookies\system@pointroll[1].txt
C:\Documents and Settings\Ann\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\Ann\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\Ann\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\system@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\system@serving-sys[2].txt
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.find-quick-results.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
click.scour.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.peoplefinders.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.service.liveperson.net [ C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
C:\Documents and Settings\Guest\Cookies\guest@avgtechnologies.112.2o7[1].txt
bannerfarm.ace.advertising.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
interclick.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
media.tattomedia.com [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
udn.specificclick.net [ C:\Documents and Settings\jackie\Application Data\Macromedia\Flash Player\#SharedObjects\YADQVFRE ]
C:\Documents and Settings\jackie\Cookies\jackie@interclick[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.bridgetrack[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@tdstats[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ad.yieldmanager[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ehg-starbucks.hitbox[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@www.burstbeacon[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@stats.gamestop[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@adopt.specificclick[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@specificmedia[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@adserv.mywebtimes[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@adserver.adtechus[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@eb.adbureau[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@cb.adbureau[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@viacom.adbureau[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@media6degrees[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@media.photobucket[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@collective-media[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@apmebf[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@samsclub.112.2o7[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@www.burstnet[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@specificclick[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.monster[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@ads.pointroll[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@imrworldwide[2].txt
C:\Documents and Settings\jackie\Cookies\jackie@insightexpressai[1].txt
C:\Documents and Settings\jackie\Cookies\jackie@revsci[2].txt
cdn.eyewonder.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
convoad.technoratimedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
convoad.technoratimedia.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
ds.serving-sys.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.heavy.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.kyte.tv [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
msnbcmedia.msn.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
sftrack.searchforce.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\RDBRSZX9 ]
cdn.eyewonder.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
demo.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ds.serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ec.atdmt.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ictv-dread-ec.indieclicktv.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
ictv-ic-ec.indieclicktv.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.bimvid.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.kyte.tv [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.oprah.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
origin-media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
sftrack.searchforce.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
spe.atdmt.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\5PU3ZGZL ]
a.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ads1.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
b.ads2.msads.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
cdn.insights.gravity.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
cdn4.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
convoad.technoratimedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
core.insightexpressai.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
ec.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
fastclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
googleads.g.doubleclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
interclick.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
m1.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media-0.phonezoo.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.ebaumsworld.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.mtvnservices.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.resulthost.org [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.scanscout.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.socialvi.be [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media.tattomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media1.break.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
media1.clubpenguin.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
mediastore.verizonwireless.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
memecounter.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
msnbcmedia.msn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
s0.2mdn.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
secure-us.imrworldwide.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
spe.atdmt.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
speed.pointroll.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
static.sexsearch.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
udn.specificclick.net [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.crackle.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.naiadsystems.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.porn.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
www.pornhub.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
yo.static.presidiomedia.com [ C:\Documents and Settings\new\Application Data\Macromedia\Flash Player\#SharedObjects\SQVYBVLU ]
C:\Documents and Settings\new\Cookies\new@e-2dj6wjkywjcziep.stats.esomniture[2].txt
C:\Documents and Settings\new\Cookies\new@e-2dj6aekisid5elo.stats.esomniture[1].txt
C:\Documents and Settings\new\Cookies\new@apmebf[1].txt
C:\Documents and Settings\new\Cookies\new@cdn1.trafficmp[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[4].txt
C:\Documents and Settings\new\Cookies\new@ads.cpxadroit[2].txt
C:\Documents and Settings\new\Cookies\new@collective-media[2].txt
C:\Documents and Settings\new\Cookies\new@ads.whaleads[2].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[1].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[2].txt
C:\Documents and Settings\new\Cookies\new@ads.bridgetrack[4].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[1].txt
C:\Documents and Settings\new\Cookies\new@www.burstnet[1].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[3].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[2].txt
C:\Documents and Settings\new\Cookies\new@specificclick[1].txt
C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[3].txt
C:\Documents and Settings\new\Cookies\new@pornhub[2].txt
C:\Documents and Settings\new\Cookies\new@interclick[2].txt
C:\Documents and Settings\new\Cookies\new@adecn[1].txt
C:\Documents and Settings\new\Cookies\new@statcounter[1].txt
C:\Documents and Settings\new\Cookies\new@network.realmedia[1].txt
C:\Documents and Settings\new\Cookies\new@www.googleadservices[6].txt
C:\Documents and Settings\new\Cookies\new@media6degrees[1].txt
C:\Documents and Settings\new\Cookies\new@ads.intergi[1].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[3].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[1].txt
C:\Documents and Settings\new\Cookies\new@e-2dj6wnkysjczkco.stats.esomniture[2].txt
C:\Documents and Settings\new\Cookies\new@a1.interclick[2].txt
C:\Documents and Settings\new\Cookies\new@a1.interclick[3].txt
C:\Documents and Settings\new\Cookies\new@abovetracking[2].txt
C:\Documents and Settings\new\Cookies\new@ad.yieldmanager[1].txt
C:\Documents and Settings\new\Cookies\new@advertising[2].txt
C:\Documents and Settings\new\Cookies\new@affiliate.revenueads[2].txt
C:\Documents and Settings\new\Cookies\new@apmebf[3].txt
C:\Documents and Settings\new\Cookies\new@azjmp[1].txt
C:\Documents and Settings\new\Cookies\new@cdn4.specificclick[2].txt
C:\Documents and Settings\new\Cookies\new@cc.gameadserve[2].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[4].txt
C:\Documents and Settings\new\Cookies\new@content.yieldmanager[5].txt
C:\Documents and Settings\new\Cookies\new@diablomedia[1].txt
C:\Documents and Settings\new\Cookies\new@doubleclick[1].txt
C:\Documents and Settings\new\Cookies\new@gr.burstnet[1].txt
C:\Documents and Settings\new\Cookies\new@insightexpressai[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[2].txt
C:\Documents and Settings\new\Cookies\new@invitemedia[1].txt
C:\Documents and Settings\new\Cookies\new@kontera[2].txt
C:\Documents and Settings\new\Cookies\new@lgelectronics.122.2o7[1].txt
C:\Documents and Settings\new\Cookies\new@lynxtrack[1].txt
C:\Documents and Settings\new\Cookies\new@mediastore.verizonwireless[1].txt
C:\Documents and Settings\new\Cookies\new@oasn04.247realmedia[2].txt
C:\Documents and Settings\new\Cookies\new@server.cpmstar[2].txt
C:\Documents and Settings\new\Cookies\new@serving-sys[2].txt
8tracks.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
adserv.mywebtimes.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
b.ads2.msads.net [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
msnbcmedia.msn.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
spe.atdmt.com [ C:\Documents and Settings\Sally\Application Data\Macromedia\Flash Player\#SharedObjects\GWBY9BAS ]
C:\Documents and Settings\Sally\Cookies\sally@www.icityfind[1].txt
C:\Documents and Settings\Sally\Cookies\sally@invitemedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adtechus[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.bridgetrack[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.pubmatic[2].txt
C:\Documents and Settings\Sally\Cookies\sally@advertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
C:\Documents and Settings\Sally\Cookies\sally@questionmarket[2].txt
C:\Documents and Settings\Sally\Cookies\sally@adserving.versaneeds[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.clickmanage[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[3].txt
C:\Documents and Settings\Sally\Cookies\sally@homestore.122.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@pro-market[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adserver.adtechus[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.trackimizer[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.cpcadnet[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.yieldmanager[3].txt
C:\Documents and Settings\Sally\Cookies\sally@at.atwola[2].txt
C:\Documents and Settings\Sally\Cookies\sally@track.supercoolprizes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@tribalfusion[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media.icims[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adecn[1].txt
C:\Documents and Settings\Sally\Cookies\sally@yieldmanager[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ar.atwola[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media6degrees[1].txt
C:\Documents and Settings\Sally\Cookies\sally@atdmt[1].txt
C:\Documents and Settings\Sally\Cookies\sally@casalemedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@yadro[1].txt
C:\Documents and Settings\Sally\Cookies\sally@advertise[2].txt
C:\Documents and Settings\Sally\Cookies\sally@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@advertise[3].txt
C:\Documents and Settings\Sally\Cookies\sally@msnportal.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@serving-sys[1].txt
C:\Documents and Settings\Sally\Cookies\sally@lfstmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@insightexpressai[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.appprizes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@trafficmp[2].txt
C:\Documents and Settings\Sally\Cookies\sally@mediabrandsww[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.addynamix[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.burstbeacon[1].txt
C:\Documents and Settings\Sally\Cookies\sally@a1.interclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[3].txt
C:\Documents and Settings\Sally\Cookies\sally@content.yieldmanager[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www3.webscanoverav.findhere[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.lycos[1].txt
C:\Documents and Settings\Sally\Cookies\sally@media.adfrontiers[2].txt
C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@yahoogroups.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@zedo[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.pointroll[2].txt
C:\Documents and Settings\Sally\Cookies\sally@legolas-media[1].txt
C:\Documents and Settings\Sally\Cookies\sally@overture[2].txt
C:\Documents and Settings\Sally\Cookies\sally@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@collective-media[1].txt
C:\Documents and Settings\Sally\Cookies\sally@mm.chitika[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.adperium[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adxpose[1].txt
C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@clicksor[1].txt
C:\Documents and Settings\Sally\Cookies\sally@fastclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@yellowpages.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@doubleclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@statse.webtrendslive[2].txt
C:\Documents and Settings\Sally\Cookies\sally@lucidmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ad.wsod[1].txt
C:\Documents and Settings\Sally\Cookies\sally@interclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adbrite[1].txt
C:\Documents and Settings\Sally\Cookies\sally@counter.hitslink[1].txt
C:\Documents and Settings\Sally\Cookies\sally@imrworldwide[2].txt
C:\Documents and Settings\Sally\Cookies\sally@revsci[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ru4[2].txt
C:\Documents and Settings\Sally\Cookies\sally@2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@revsci[3].txt
C:\Documents and Settings\Sally\Cookies\sally@homefinder[1].txt
C:\Documents and Settings\Sally\Cookies\sally@myroitracking[2].txt
C:\Documents and Settings\Sally\Cookies\sally@stats.manticoretechnology[2].txt
C:\Documents and Settings\Sally\Cookies\sally@countryliving[1].txt
C:\Documents and Settings\Sally\Cookies\sally@myfloridacounty[1].txt
C:\Documents and Settings\Sally\Cookies\sally@mediaplex[1].txt
C:\Documents and Settings\Sally\Cookies\sally@allegis.122.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[1].txt
C:\Documents and Settings\Sally\Cookies\sally@statcounter[2].txt
C:\Documents and Settings\Sally\Cookies\sally@specificclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@msnbc.112.2o7[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.find-quick-results[1].txt
C:\Documents and Settings\Sally\Cookies\sally@apmebf[2].txt
C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@bs.serving-sys[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.burstnet[2].txt
C:\Documents and Settings\Sally\Cookies\sally@bizzclick[1].txt
C:\Documents and Settings\Sally\Cookies\sally@pointroll[2].txt
C:\Documents and Settings\Sally\Cookies\sally@bizzclick[2].txt
C:\Documents and Settings\Sally\Cookies\sally@traveladvertising[2].txt
C:\Documents and Settings\Sally\Cookies\sally@tacoda.at.atwola[1].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.ad4game[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[1].txt
C:\Documents and Settings\Sally\Cookies\sally@adinterax[1].txt
C:\Documents and Settings\Sally\Cookies\sally@cdn1.trafficmp[2].txt
C:\Documents and Settings\Sally\Cookies\sally@ads.undertone[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.countryliving[2].txt
C:\Documents and Settings\Sally\Cookies\sally@eyewonder[2].txt
C:\Documents and Settings\Sally\Cookies\sally@rotator.adjuggler[2].txt
C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt
C:\Documents and Settings\Sally\Cookies\sally@perf.overture[1].txt
.fastclick.net [ C:\Documents and Settings\Sally\Local

amb913, Jun 27, 2011

#30
amb913 Newcomer, in training Posts: 47

sas log continued...

Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.r1-ads.ace.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bizzclick.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.find-quick-results.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
server.iad.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

PUP.Whitesmoke
HKLM\SOFTWARE\whitesmoketoolbar
HKLM\SOFTWARE\whitesmoketoolbar#ieInstallPath

Trojan.Agent/Gen-Kazy[Ico]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP778\A0289080.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDD30534-915E-4E2D-B02D-56DD77B62745}\RP788\A0290607.DLL

amb913, Jun 27, 2011

#31
Bobbye Helper on the Fringe Posts: 16,406 +16

Okay- I hope you remembered to put in the check to remove found items!

The 2 entries showing in System Volume are restore points. They are not active in the system. I will have you drop all of the old restore point and set a new clean on when the system is clean.
=====================================
Each of the following user accounts need to have the Cookies reset:
Sally
jackie
Ann

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
Someone came along and used the system and set their account up with name new c:\documents and settings\new\application data\Mozilla\extensions\ They put an extension on Firefox for gamevance. and most likely will be the user who is responsible for not removing it in Mbam. It appears that an extension to play sushi has been added to Firefox.

I am a bit confused by your comment:

so it wasnt me or anyone here. lol. i have informed my mom and my son not to download anything,

Someone with access to the computer set up this account- how good a detective are you?

Each user has their own SID This is the Security Identifier. The SID for the "new user" is:
S-1-5-21-1390067357-602609370-682003330-1005 All the malware found in Mbam that is identified by name is the 'new user': c:\documents and settings\new\application data\.

The format of an SID can be illustrated as follows:
S-1-5-21-1390067357-602609370-682003330-1005 .
S = The string is a SID
1 = The revision level (the version of the SID specification)
5 = The identifier authority value
21-1390067357-602609370-682003330 = domain or local computer identifier
1005 = a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.

All of the trash that was found was on the account named new and it is that user who must have unchecked the removal of Play Sushi in Mbam.

So if you're up to it, you or the Administrator need to find out who user new is and and delete the account. Possibly after that has been done we can finish removing the malware. There is also the possibility that the system has been hacked.

Bobbye, Jun 28, 2011

#32
amb913 Newcomer, in training Posts: 47

when i go into user accounts, there is no "new" or jackie. jackie was a roomate a long time ago, and her account was deleted a year ago i think. the only users that show up are ann, sally and nick (my son). i dont see how jackie could still be showing up, or where the "new" user account came from but i cant access either one of them, because they arent visible in user accounts.

amb913, Jun 30, 2011

#33
Bobbye Helper on the Fringe Posts: 16,406 +16

If account Jackie was deleted a year ago and Cookies for that account are still on the system, then it appears that the system hasn't been maintained for deleting temporary internet files, Cookie, Disc cleanup, Error Check and Defrag. If it had the entries for the old accounts wouldn't be showing.

I'm going to tell you what I see and you can decide what-if anything-to do about them. I do recommend though the each account resets the Cookies.

Tracking Cookies and other Cookies: There are accounts for the following:
Ann
Administrator
jackie
Guest
LocalService
NetworkService
Sally
new

The account for new shows visits to sites such as:
static.sexsearch.com
.porn.com
.pornhub.com
cc.gameadserve.com

I don't see any entries for an account named Nick. That could mean one of 2 things: 1. He is maintaining his account well and not accumulating temporary internet files and Cookies. 2. Nick is working under an account isn't named Nick I do not have any further information on that.
===========================================
Since you had SuperantiSpyware remove all the entries it found and hopefully you reset the Cookies on the accounts, it might be informative to run SAS again and see if anything is found.

Bobbye, Jul 1, 2011

#34
amb913 Newcomer, in training Posts: 47

here is what i think happened. my son may have created the NEW user account and then deleted it without also deleting the files and folders for that user. same thing with jackies account. the account was deleted, but whoever deleted it opted to keep the files and folders. does that make sense? also, what i meant when i said " it wasnt anyone here..." was that when i ran malware bytes again, and looked at the files it found, playsushi was in there but it was automatically unchecked as to not delete those files, without me unchecking it. i am in the process of resetting cookies for each user account, and am going to run sas again. i ran a search of my c drive for docs & settings/jackie and for new and found a bunch of stuff for both. should i delete the files for those users since they are no longer active?

amb913, Jul 1, 2011

#35
amb913 Newcomer, in training Posts: 47

one thing i just noticed while signing onto nicks user acct. all the files on his user acct ( pics, txt files, etc) are the same as the NEW user files i found in the search of my c drive... im so confused! apparently nick and new are the same user? ugh i dont know. im running the sas scan now and it is still finding files for gamevance in the regristry.

amb913, Jul 1, 2011

#36
Bobbye Helper on the Fringe Posts: 16,406 +16
I gave you the information I saw from the log:

I don't see any entries for an account named Nick. That could mean one of 2 things: 1. He is maintaining his account well and not accumulating temporary internet files and Cookies. 2. Nick is working under an account isn't named Nick I do not have any further information on that.

It would seem that #2 would be the most logical. Everything in SAS should be checked for removal- no matter whose account it's on. After doing that, I suggest you reboot first, then run the following:

Please download ATF Cleaner by Atribune

[1] Double-click ATF-Cleaner.exe to run the program.
[2] Under Main choose: Select All
[3] Click the Empty Selected button.

If you use Firefox browser
[1] Click Firefox at the top and choose:Select All
[2] Click the Empty Selected button.
[3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
[1] Click Opera at the top and choose: Select All
[2]Click the Empty Selected button.
[3]NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

==========================================
Reboot the computer.
==========================================
Run SAS again.
Bobbye, Jul 1, 2011

#37
amb913 Newcomer, in training Posts: 47

ok ive cleared out all cookies, installed and used the atf cleaner. i did use the atf cleaner then rebooted and used sas again, and it still finds tracking cookies even after i deleted them. dont know whats up with that. the one thing i didnt do was to install the two add ons for firefox. i dont really use it, but if its necessary for this cleaning process, then i will install them. ill be waiting to hear from you.

amb913, Jul 3, 2011

#38
Bobbye Helper on the Fringe Posts: 16,406 +16

Do this for each of the accounts:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

This is optional:

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
===============================
Would you like to share the rescan of SAS log?

Bobbye, Jul 3, 2011

#39
amb913 Newcomer, in training Posts: 47

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2011 at 11:02 PM

Application Version : 4.55.1000

Core Rules Database Version : 7369
Trace Rules Database Version: 5181

Scan type : Complete Scan
Total Scan Time : 01:53:26

Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 7894
Registry threats detected : 0
File items scanned : 31908
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Sally\Cookies\sally@citi.bridgetrack[2].txt
C:\Documents and Settings\Sally\Cookies\sally@dc.tremormedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@realmedia[2].txt
C:\Documents and Settings\Sally\Cookies\sally@homefinder[2].txt
C:\Documents and Settings\Sally\Cookies\sally@adserv.mywebtimes[2].txt
C:\Documents and Settings\Sally\Cookies\sally@247realmedia[1].txt
C:\Documents and Settings\Sally\Cookies\sally@www.homefinder[1].txt

amb913, Jul 4, 2011

#40

Page 2 of 3

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.