Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard Drive Thrashing


  • This topic is locked This topic is locked
12 replies to this topic

#1 CindyGM

CindyGM

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 18 May 2010 - 10:33 AM

First, apologies if I am posting this in the wrong section. Second, this is the first time I have posted a question, so please let me know if I am missing some critical information.

I have a desktop PC that occassionally starts performing sluggishly and will work the hard drive like crazy even if I have no applications open. This happens randomly and the length of time is also random - once it lasted for a couple of days and sometimes it will only last an hour or so. I started experiencing it today and was hoping that someone could help. Here are my desktop specs:

HP Pavilion Slimline s3400f
3072 MB Memory
500 GB Hard Drive
Originally came with Windows Vista Home Premium and upgraded to Windows 7 (problem existed with both OS, but happened more frequently with Vista)

I downloaded HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:41 AM, on 5/18/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Glance25\Glance.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home/us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cindy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Glance.lnk = C:\Program Files\Glance25\Glance.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kasian.webex.com/client/T27L/webex/ieatgpc1.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 9281 bytes

EDIT: Moved from Win 7 to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 18 May 2010 - 01:01 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 19 May 2010 - 06:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 21 May 2010 - 10:41 AM

I'm here!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 21 May 2010 - 07:18 PM

HijackThis isn't a powerful enough scanner so please run the following programs for me.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
m0le is a proud member of UNITE

#5 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 23 May 2010 - 11:30 PM

Here are the results of the DDS scan:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Cindy at 23:17:38.18 on Sun 05/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3455.2462 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\Cindy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Glance25\Glance.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cindy\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uStart Page = hxxp://online.wsj.com/home/us
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\cindy\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averhi~1.lnk - c:\program files\common files\avermedia\averquick\AVerHIDReceiver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\glance.lnk - c:\program files\glance25\Glance.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kasian.webex.com/client/T27L/webex/ieatgpc1.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\38hp7spv.default\
FF - plugin: c:\program files\glance24\npglance.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\cindy\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2009-10-24 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2009-10-24 409600]
R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2010-5-7 34080]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 AVerFx2hbtv;AVerMedia USB Pure ATSC Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-10-24 272640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 PMAPS Indexing Service;PMAPS Indexing Service;c:\program files\proposal software\pmaps index server\PMAPS.IndexingService.Host.exe [2008-12-16 11264]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-05-18 13:31:19 0 d-----w- c:\program files\Trend Micro
2010-05-11 20:38:39 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-09 16:52:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 15:02:57 34080 ----a-w- c:\windows\system32\drivers\glancedrv.sys
2010-05-07 15:02:57 33824 ----a-w- c:\windows\system32\glancedrv.dll
2010-05-07 15:02:57 0 d-----w- c:\program files\Glance25
2010-05-01 21:22:37 0 d-----w- c:\program files\iPod
2010-05-01 21:22:36 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-01 21:22:36 0 d-----w- c:\program files\iTunes
2010-05-01 21:19:12 0 d-----w- c:\program files\Bonjour
2010-04-30 20:03:26 0 d-----w- c:\users\cindy\appdata\roaming\WD
2010-04-30 20:03:23 0 d-----w- c:\program files\common files\Memeo
2010-04-28 12:58:18 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 12:58:18 1037312 ----a-w- c:\windows\system32\lsasrv.dll

==================== Find3M ====================

2010-05-06 15:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 16:55:00 72080 ----a-w- c:\users\cindy\g2mdlhlpx.exe
2010-04-16 13:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 13:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-24 16:32:17 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-24 16:32:17 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-10 11:06:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-09-10 11:06:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-09-10 11:06:48 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-01-24 16:32:17 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-24 16:32:17 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-06 16:52:02 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-12-06 16:52:02 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-12-06 16:52:02 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:18:03.09 ===============

Attached Files



#6 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 23 May 2010 - 11:53 PM

Ran the Defogger with no issues, but it did not prompt me to restart. I restarted anyway.

Ram the GMER with the following results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 23:48:27
Windows 6.1.7600
Running: 8grywzty.exe; Driver: C:\Users\Cindy\AppData\Local\Temp\kwtdyfoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E26AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E26104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E263F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E261DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E26958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E266F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E26F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E271A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E86599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9C75AC9D 28 Bytes [1E, E1, F7, E7, 8E, 09, FC, ...]
.text peauth.sys 9C75ACC1 28 Bytes [1E, E1, F7, E7, 8E, 09, FC, ...]
PAGE peauth.sys 9C76102C 102 Bytes [41, 2C, 74, B1, 63, 9B, CA, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9E11D000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9E11D123 33 Bytes [85, 11, 9E, FE, 05, 34, 85, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50D5 9E11D145 595 Bytes [9E, A0, 34, 85, 11, 9E, 84, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9E11D399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9E11D3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000041 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 24 May 2010 - 04:22 PM

There's no problems there.

Please run MBAM and SAS, they should find something, if something is there.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Posted Image
m0le is a proud member of UNITE

#8 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 25 May 2010 - 07:09 AM

Here are the MBAM results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4140

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/25/2010 7:06:50 AM
mbam-log-2010-05-25 (07-06-50).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 593164
Time elapsed: 2 hour(s), 19 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#9 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 25 May 2010 - 02:02 PM

Here are the results of the SUPERAntiSpyware scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2010 at 09:40 AM

Application Version : 4.37.1000

Core Rules Database Version : 4983
Trace Rules Database Version: 2795

Scan type : Complete Scan
Total Scan Time : 02:28:53

Memory items scanned : 652
Memory threats detected : 0
Registry items scanned : 9096
Registry threats detected : 0
File items scanned : 250840
File threats detected : 643

Adware.Tracking Cookie
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ad.yieldmanager[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@advertising[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.gmodules[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@insightexpressai[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@yieldmanager[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@content.yieldmanager[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ar.atwola[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@cdn.at.atwola[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.pointroll[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.bridgetrack[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@collective-media[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@atwola[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@liveperson[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@liveperson[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@statse.webtrendslive[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@chitika[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.bleepingcomputer[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@at.atwola[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@bs.serving-sys[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@apmebf[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@tacoda[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@atdmt[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@serving-sys[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@invitemedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@pointroll[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@data.coremetrics[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@doubleclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@server.iad.liveperson[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@mediaplex[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@click2houston[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@a1.interclick[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ad.fed.msn[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ad.zanox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ad1.clickhype[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@adinterax[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@adlegend[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@adopt.specificclick[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.as4x.tmcs.ticketmaster[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.bootcampmedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.bridgetrack[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.ft[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.imarketservices[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.ozonemedia.co[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.pointroll[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.reason[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ads.telegraph.co[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@adserver.adtechus[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@apmebf[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ar.atwola[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@at.atwola[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@atwola[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@banners.bannersource[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@c7.zedo[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@cb.adbureau[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@cdn.at.atwola[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@cdn4.specificclick[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@clickshift[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@collective-media[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@content.yieldmanager[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@data.coremetrics[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@dmtracker[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@easy-hit-counters[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ecnext.advertserve[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@edge.ru4[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-aig.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-hartfordfireinsurance.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-infoblox.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-interwoven.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-vailresorts.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-webex.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@ehg-zoomerang.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@exitexchange[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@gaylordentertainment.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@gotvmail.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@hisnakiamotors.122.2o7[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@iacas.adbureau[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@imediablast[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@imrworldwide[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@indextools[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@insightexpressai[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@interclick[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@invitemedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@jcrew.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@kontera[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@lfstmedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@media.adrevolver[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@media.expedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@media6degrees[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@msnbc.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@network.realmedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@nextag[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@oasn04.247realmedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@pajamasmedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@paypal.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@pennwellcorp.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@phg.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@richmedia.yahoo[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@rotator.adjuggler[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@sales.liveperson[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@sales.liveperson[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@salesforce.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@secure-media-sf2p.facebook[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@server.iad.liveperson[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@server.iad.liveperson[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@socialmedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@specificclick[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@specificmedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@stats.paypal[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@superstats[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@test.coremetrics[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@trackalyzer[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@tracking.dsmmadvantage[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@tracking.foxnews[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@web4.realtracker[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@webex.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.burstbeacon[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.burstnet[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.douglascountynv[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.dteenergy[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.googleadservices[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.googleadservices[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.googleadservices[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www.portfoliomedianl[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@www1.discountofficeitems[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\cindy@yieldmanager[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@a.findarticles[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adcentriconline[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adinterax[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adlegend[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adopt.specificclick[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.apartmenttherapy[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.bridgetrack[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.cnn[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.monster[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.pointroll[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.techguy[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.telegraph.co[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.widgetbucks[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserver.adtechus[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@alamo-push.worldmedia[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@anad.tacoda[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@anat.tacoda[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@apmebf[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@atwola[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@azjmp[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bbos.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bizjournals.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bizrate[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@buzznet.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bzresults.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cbs.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@click.interactivebrands[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@click2houston[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@click2weather[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cms.trafficmp[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@collective-media[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@counter2.hitslink[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@county.milwaukee[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cracked[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@data.coremetrics[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@dmtracker[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@dynamic.media.adrevolver[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@edge.ru4[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-accuweather.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-aig.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-amlawmedia.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-findlaw.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-foxsports.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-gaylordentertainment.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-interwoven.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-jigsaw.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-kodak.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-meevee.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-saic.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-techtarget.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-viacom.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-webex.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-zoom.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-zoomerang.hitbox[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@eyewonder[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@findarticles[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@findlaw[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@gaylordentertainment.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@glb.adtechus[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@gotvmail.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@highbeam.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@iacas.adbureau[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@imc2.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@imrworldwide[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@incisivemedia.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@incisivemedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@indexstats[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@insightexpressai[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@interclick[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@jcrew.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@joiedevivrehospitality.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@jra.advertserve[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@kontera[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@logoworks.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.adrevolver[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.ntsserve[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.zoominfo[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media6degrees[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@meettheelite[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@msnbc.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@nbcuniversal.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pajamasmedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@partner2profit[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@phg.hitbox[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pointclickmow[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@premiereglobalservices.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@qnsr[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@revsci[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@richmedia.yahoo[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@roiservice[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@rotator.adjuggler[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[4].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[5].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[6].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[7].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@salesforce.122.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@servedby.onlinemediadiva[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sixapart.adbureau[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificclick[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificmedia[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stat.onestat[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@statse.webtrendslive[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@summitbusinessmedia.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@superstats[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@t3.trackalyzer[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@trackalyzer[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tracking.foxnews[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tracking.keywordmax[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@urlad--doubleclick--net.reachlocal[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@urlsecure--indexstats--com.reachlocal[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@urlstats--indexstats--com.reachlocal[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@usatoday1.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@viacomedycentralrl.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@warnerbros.112.2o7[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.accountingcoach[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.burstbeacon[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.burstnet[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.click2houston[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.googleadservices[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.googleadservices[3].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.googleadservices[4].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.meettheelite[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.pointclickmow[1].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.visitor-track[2].txt
C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@yieldmanager[2].txt
.imrworldwide.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.imrworldwide.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.pajamasmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.pajamasmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.pajamasmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.kontera.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.kontera.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
www.burstnet.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
www.burstnet.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.at.atwola.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.at.atwola.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
ads.lucidmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
ads.lucidmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
ads.lucidmedia.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.smartmoney.112.2o7.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.yieldmanager.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.apmebf.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.dmtracker.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
cache.trafficmp.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
cache.trafficmp.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.media6degrees.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.media6degrees.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.salesforce.122.2o7.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.collective-media.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.collective-media.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.collective-media.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.collective-media.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.ads.pointroll.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.interclick.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.interclick.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
data.coremetrics.com [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
.adopt.specificclick.net [ C:\$Recycle.Bin\S-1-5-21-3511730487-2863508565-3024722165-1001\$RVVN7CD\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5n51rfln.default\cookies.txt ]
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@ad.yieldmanager[2].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@atdmt[2].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@casalemedia[1].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@chitika[1].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@doubleclick[2].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@imrworldwide[2].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@insightexpressai[2].txt
C:\Users\chris\AppData\Local\Temp\Low\Cookies\chris@revsci[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@247realmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@2o7[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@2o7[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@a1.interclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@a1.interclick[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@a1.interclick[4].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad.thehill[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad.turn[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad.wsod[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad.yieldmanager[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad.yieldmanager[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ad1.clickhype[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adbrite[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adbureau[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adecn[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adinterax[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adinterax[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adlegend[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adrevolver[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.addynamix[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.adfox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.adfox[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.associatedcontent[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.audxch[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.belointeractive[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.bleepingcomputer[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.bridgetrack[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.cnn[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.foodbuzz[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.gmodules[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.ibibo[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.lockedonmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.mail[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.monster[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.peoplespharmacy[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.pointroll[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.raasnet[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.shopstyle[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.shorttail[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.sun[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.telegraph.co[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.thefrisky[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.thesmokinggun[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads.undertone[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads2.phonearena[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ads2.qsoft.co[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserv.brandaffinity[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserver.adtechus[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserver.adtechus[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserver.bettyconfidential[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserver1.backbeatmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adserving.autotrader[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adtech[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adtracker.americantowns[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@advertising[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@advertising[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adviva[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@adxpose[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@aei.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@afe.specificclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@allbritton.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@amazonmerchants.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@amazonservices.122.2o7[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@amznshopbop.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@apmebf[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@app.insightgrit[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@associatedcontent.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@at.atwola[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@atdmt[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@audiag.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@audit.median[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@balmybanner893[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bassproshops.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@beacon.dmsinsights[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bellglobemediapublishing.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bizrate[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@blogs.timesofindia.indiatimes[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bluestreak[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bmwmoter.122.2o7[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bnkicom.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bonniercorp.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bravenet[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@breakmedia.checkm8[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@broadview.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@brownshoe.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@bs.serving-sys[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@burstbeacon[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@burstnet[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@buzznet.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@c4.zedo[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@carlson.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@casalemedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cb.adbureau[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cdn4.specificclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@chitika[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ciscowebex.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@citi.bridgetrack[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@click2houston[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@click2weather[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@clickability[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@clickbank[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@clickshift[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@clicksor[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@collective-media[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@condenast.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@content.yieldmanager[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@content.yieldmanager[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@counter.hitslink[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@cratebarrel.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@csi-tracking[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@csm.rotator.hadj7.adjuggler[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@d.mediadakine[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@d.mediaforceads[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@daimlerag.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@data.coremetrics[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@dc.tremormedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@dealtime[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@demandquestiontime[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@dmtracker[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@doubleclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6walykodpokp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wbkowkajocp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wdmywkcpobo.stats.esomniture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wfloghdzeaq.stats.esomniture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wgkiepdpwap.stats.esomniture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6whkiumajadq.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjkyqkajmkp.stats.esomniture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjliahdjkap.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjliuoajkdp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjmioidjgbp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjmyelcjscq.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wjnyaid5kdp.stats.esomniture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wmkykjcpcap.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wnmiaod5olp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@e-2dj6wnmyelazgkp.stats.esomniture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@eas.apm.emediate[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@edge.ru4[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-aig.hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-crain.hitbox[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-newscientist.hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-newyorkpost.hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-starbucks.hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-techtarget.hitbox[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-theactivenetwork.hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ehg-viacom.hitbox[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@eyewonder[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@fastclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@fim.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@firstroi.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@flightstats[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ford.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@foxinteractivemedia.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@furrypalsrescue-org.sitereports.officelive[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@gostats[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@gotvmail.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@greatschools.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hammacher.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@harrahs.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@he.valueclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hearstmagazines.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hillcountry.hyatt[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hitbox[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hospitalityebusiness.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@host-d.oddcast[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@hotelscom.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@iacas.adbureau[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ihg.db.advertising[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@imc2.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@imrworldwide[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@in.getclicky[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@insightexpressai[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@interclick[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@interclick[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@intermundomedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@invitemedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@invitemedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@invitemedia[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@jcrew.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@jordanlebaron.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@kanoodle[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@kiplinger.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@kontera[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@legolas-media[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@lfstmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@link.mercent[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@linksynergy[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@lockedonmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@lucidmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@marketlive.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@marriottinternational.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@marthastewart.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.adfrontiers[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.adrevolver[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.adrevolver[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.expedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.formatdynamics[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.legacy[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media.mtvnservices[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@media6degrees[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@mediabistro[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@mediadakine[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@mediamatters[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@mediaplex[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@mediaplex[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@microsoftmachinetranslation.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@microsoftsba.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@microsoftwlcashback.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@monstercom.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@msnbc.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@msnportal.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@myroitracking[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@network.realmedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@nextag[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@nike.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@oasn04.247realmedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@oddcast[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@optimize.indieclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@overture[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@overture[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pajamasmedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pajamasmedia[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@paypal.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@perf.overture[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@petfinder[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pluckit.demandmedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pointroll[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pro-market[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@pubads.g.doubleclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@qnsr[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@questionmarket[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@questionmarket[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@randomhouse.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@realmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@revsci[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@revsci[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@reztrack[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@richmedia.yahoo[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@roiservice[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@ru4[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@s.clickability[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[10].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[11].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[4].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[5].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[6].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[7].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[8].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sales.liveperson[9].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@saxorutland.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@servedby.adxpower[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[4].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[5].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[6].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@server.iad.liveperson[7].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@serving-sys[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@shure.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sixapart.adbureau[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@smartmoney.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@socialmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@sojern.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificclick[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificclick[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificclick[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificmedia[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@specificmedia[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@spylog[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stat.dealtime[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stat.onestat[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@statcounter[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@statcounter[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.adbrite[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.contentactive[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.paypal[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.sharkstores[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.theoatmeal[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stats.townnews[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@statse.webtrendslive[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@steelhousemedia[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@stpetersburgtimes.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@surveymonkey.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@t.lynxtrack[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@t.pointroll[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tacoda[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tacoda[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@target.db.advertising[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@thechronicleofhighereducation.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@thecounterburger[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@thinkgeek.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@thinkresources.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@timeinc.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@timesofindia.indiatimes[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@toplist[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@trackalyzer[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tracking.foxnews[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@trafficmp[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@trafficmp[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@traveladvertising[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@tribalfusion[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@triseptsolutions.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@trvlnet.adbureau[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@uac.advertising[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@usatoday1.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@user-activity-tracking[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@valueclick[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@viacom.adbureau[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@videoegg.adbureau[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@videos.mediaite[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@warnerbros.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@waterfrontmedia.112.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@web4.realtracker[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@webstats.aetna[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@webstats.aetna[3].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.applytracking[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.burstbeacon[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.burstnet[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.checkingfinder[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.click2houston[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.clickmanage[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.etracker[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.free-counter[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.googleadservices[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.petfinder[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@www.thecounterburger[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@xiti[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@yadro[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@yellowpages.click2houston[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@yieldmanager[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@z.blogads[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@zag.122.2o7[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@zedo[2].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@zillow.adbureau[1].txt
C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Cookies\Low\cindy@zionsbancorp.112.2o7[2].txt

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 25 May 2010 - 03:49 PM

Nothing really nasty there. smile.gif

I recommend that you read this tutorial on the site which explains what you can do to speed up your PC.

You may also wish to post at the Windows 7 forum on this site.
Posted Image
m0le is a proud member of UNITE

#11 CindyGM

CindyGM
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 25 May 2010 - 03:53 PM

OK, thanks. I will take a look at the tutorial. I originally posted this on the Windows 7 forum, but it got moved to this forum. If I do end up needing more help, should I repost to the Windows 7 forum again?

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 25 May 2010 - 04:43 PM

Yes, and link to this topic and explain that your PC is clean of malware.

Good luck thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:28 AM

Posted 29 May 2010 - 06:16 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users