Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I need major helping with Spybot Search & Destroy! :(


  • Please log in to reply
12 replies to this topic

#1 xthewindx

xthewindx

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 October 2011 - 01:23 AM

So guys, I got Guard-online virus. And I tried to look for an online post for it. But before that, I tried to go to safemode and stop some startup programs, including GuardOnline so I can freely use other Anti-Virus program without it being shutdown. When I used Spybot's starup program function. All these ".exe" is in the list which I never had before....
I'm very confused not knowing if I should disable all the random ones with random characters and numbers and only keep the ones that make sense to me? Cause really, they look like virus to me...Please help me ASAP, for I have more to ask! :(

Look at the pic to know what I'm talking about.

And also, If I remove the entry itself from the list, would I delete the application itself, or just remove it from the list? Thanks

Can any1 help me? pleaseee

Attached Files


Edited by Budapest, 10 October 2011 - 12:04 AM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest


BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:08 AM

Posted 16 October 2011 - 04:22 PM

Hi xthewindx,

:welcome: to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? If so, continue to follow these instructions:

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

:step1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go . Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

:step2: Let's try rebooting into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

:step3: As this infection is known to be bundled with the TDSS rootkit infection, you should also run a program that can be used to scan for this infection. Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller If you have previously downloaded TDSSkiller, please download a new version, as it is updated often.

:step4: Still in Safe Mode with Networking, download rkill from one of the following downloads (if you are unable to download or run rkill from one download, move to the next one.)

1. http://download.bleepingcomputer.com/grinler/rkill.com
2. http://download.bleepingcomputer.com/grinler/rkill.pif
3. http://download.bleepingcomputer.com/grinler/rkill.scr
4. http://download.bleepingcomputer.com/grinler/eXplorer.exe
5. http://download.bleepingcomputer.com/grinler/iExplore.exe
6. http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
7. http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
8. http://www.boredomsoft.org/hosted/rkill.exe
9. http://www.boredomsoft.org/hosted/rkill.com
10. http://www.boredomsoft.org/hosted/rkill.scr
11. http://www.boredomsoft.org/hosted/eXplorer.exe
12. http://www.boredomsoft.org/hosted/iExplore.exe

Please be patient while Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running.

Do not reboot your computer after running RKill as the malware programs will start again!

:step5: Sill in Safe Mode with Networking, please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

:step6: Superantisypware (SAS):
Reboot into Normal Mode (not Safe Mode.)
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

:step7: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • TDSSkiller log (located at C:\)
  • Malwarebytes log
  • SuperAntiSpyware log
  • GMER log

Edited by jntkwx, 16 October 2011 - 04:23 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 23 October 2011 - 03:10 AM

Oh wow Jason, thanks for the reply even though late but very useful. I already fixed my problem but still took the time to read your post since I forgot that I had a question up here and didn't want to make it looks like I don't care about this forum. So what I did was using Malwarebytes Anti-Malware (which I saw you mentioned up there) and found out there was >50,000 virues/trojas/backdoorbots in my PC. No, I am not lying bro!
Anyway, since everything was fixed I guess I still want to post my MiniBox Log I just downloaded and used just now so you would know and take a look to see if there's anything wrong with my PC currently.
Oh, and just to make sure I ticked ALL of the options in the program including "Flush DSN", idk what that means though:


MiniToolBox by Farbar
Ran by Sano Sava (administrator) on 23-10-2011 at 03:04:09
Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:50283

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50283
"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

74.208.10.249 gs.apple.com

127.0.0.1 blazeserver.blazeemu.org
127.0.0.1 gosgvaprod-qos01.ea.com
127.0.0.1 gosiadprod-qos01.ea.com
127.0.0.1 gossjcprod-qos01.ea.com
127.0.0.1 demangler.ea.com
127.0.0.1 vmp.tools.gos.ea.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com

There are 15047 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SanoSava-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : setup

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : setup
Description . . . . . . . . . . . : DW1525 (802.11n) WLAN PCIe Card
Physical Address. . . . . . . . . : C4-17-FE-0E-CF-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::288a:8264:4a1c:3df5%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.11.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 23, 2011 3:00:13 AM
Lease Expires . . . . . . . . . . : Tuesday, October 25, 2011 3:00:13 AM
Default Gateway . . . . . . . . . : 192.168.11.1
DHCP Server . . . . . . . . . . . : 192.168.11.1
DHCPv6 IAID . . . . . . . . . . . : 230955006
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-FE-D9-1A-00-25-64-EB-9D-B7
DNS Servers . . . . . . . . . . . : 192.168.11.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-25-64-EB-9D-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34a5:9e:9336:5387(Preferred)
Link-local IPv6 Address . . . . . : fe80::34a5:9e:9336:5387%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.setup:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : setup
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.73.99] with 32 bytes of data:
Reply from 74.125.73.99: bytes=32 time=34ms TTL=48
Reply from 74.125.73.99: bytes=32 time=30ms TTL=48

Ping statistics for 74.125.73.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 34ms, Average = 32ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=24ms TTL=54
Reply from 209.191.122.70: bytes=32 time=38ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 38ms, Average = 31ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
12...c4 17 fe 0e cf 1b ......DW1525 (802.11n) WLAN PCIe Card
11...00 25 64 eb 9d b7 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.8 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.11.0 255.255.255.0 On-link 192.168.11.8 281
192.168.11.8 255.255.255.255 On-link 192.168.11.8 281
192.168.11.255 255.255.255.255 On-link 192.168.11.8 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.11.8 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.11.8 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:34a5:9e:9336:5387/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
12 281 fe80::288a:8264:4a1c:3df5/128
On-link
16 306 fe80::34a5:9e:9336:5387/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 mswsock.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2011 03:02:28 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:50283
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (10/23/2011 02:38:52 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:50283
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (10/23/2011 02:03:43 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:50283
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (10/22/2011 04:24:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/22/2011 04:23:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/22/2011 04:23:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/22/2011 04:21:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (10/22/2011 04:21:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/21/2011 03:00:33 AM) (Source: MsiInstaller) (User: Sano Sava)Sano Sava
Description: Product: FixCleaner -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (10/21/2011 03:00:19 AM) (Source: MsiInstaller) (User: Sano Sava)Sano Sava
Description: Product: DriverUpdate -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (10/23/2011 03:02:07 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/23/2011 03:01:16 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/23/2011 03:01:16 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/23/2011 03:01:16 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/23/2011 03:01:16 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/23/2011 03:00:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (10/23/2011 03:00:10 AM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275

Error: (10/23/2011 03:00:10 AM) (Source: Application Popup) (User: )
Description: Driver atksgt.sys has been blocked from loading.

Error: (10/23/2011 03:00:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (10/23/2011 03:00:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.0.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Aiseesoft iPhone Software Pack
Akamai NetSession Interface
Alpha Protocol (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Assassin's Creed Brotherhood (Version: 1.00)
Auto Hide IP (Version: 4.6.7.2)
Banctec Service Agreement (Version: 2.0.0)
Bonjour (Version: 2.0.4.0)
Browser Defender 3.0 (Version: 3.0.0.312)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
CDisplay 1.8
Cheat Engine 5.6
Command & Conquer 3 (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Connect (Version: 1.0.0.1)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Local Backup - Support Software (Version: 2.31)
Dell DataSafe Local Backup (Version: 9.4.51)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Deus Ex - Human Revolution version 1.0 (Version: 1.0)
Documents To Go Desktop for iPhone (Version: 2.0000.006)
DriverUpdate (Version: 2.2.14752)
EvilLyrics
Facebook Video Calling 1.0.0.8526 (Version: 1.0.8526)
Feedback Tool (Version: 1.1.0)
ffdshow v1.1.3425 [2010-05-08] (Version: 1.1.3425.0)
File Splitter and Joiner (FFSJ v3.3)
GameSpy Arcade
Google Desktop (Version: 5.9.1005.12335)
GoToAssist 8.0.0.514
Internet Download Manager
iPhoneBrowser (Version: 1.9.3)
iTunes (Version: 10.1.0.56)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Mega Codec Pack 5.8.3 (Version: 5.8.3)
kuler (Version: 2.0)
League of Legends (Version: 1.0020)
League of Legends (Version: 1.3)
LogonStudio
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Media Control 6.0.6
Men of War: Assault Squad (Remove Only) (Version: 1.80.1.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 3.0.50106.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Might & Magic Heroes VI (Version: 1.0)
Minilyrics(remove only)
MKV Converter Studio V2.0.2 (Version: 2.0.2)
MONOPOLY Build-a-lot Edition (Version: 1.0.1)
Monopoly City (Version: 1.0)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
Mp3tag v2.46a (Version: v2.46a)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nitro PDF Professional (Version: 6.1.1.1)
Novacomd (Version: 1.0.0.73)
NVIDIA Drivers (Version: 1.4)
NVIDIA PhysX (Version: 9.10.0513)
OJOsoft VOB Converter (Version: 2.6.5.0430)
OpenAL
Pando Media Booster (Version: 2.3.4.3)
PDF Converter Pro v6.1 - Upgrade Version (Corporation License) (Version: v5.5)
PDF Settings CS4 (Version: 9.0)
PFConfig 1.0.144 (Version: 1.0.144)
PFPortChecker 1.0.32 (Version: 1.0.32)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
PhotoSync (Version: 1.3.3)
Pocket Tanks Deluxe 1.3
PowerDVD DX (Version: 8.3.5424)
ProtectDisc Driver, Version 11 (Version: 11.0.0.12)
PS3 Media Server (Version: 1.23.0)
Psychology Textbook
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.68.75.0)
REACTOR (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Red Faction Armageddon version 1.0 (Version: 1.0)
Registry Mechanic 10.0 (Version: 10.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Roxio Burn (Version: 1.01)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Split/Second (Version: 1.00.0000)
Spybot - Search & Destroy (Version: 1.6.2)
StarCraft II (Version: 1.3.2.18317)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
SWF Opener (Version: 1.3)
thriXXX VirtuallyJenna-029.002
Total Video Converter 3.12 080330
TuneAid 3.76 (Version: 3.76)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Ventrilo Client (Version: 3.0.8)
Warhammer 40k Space Marine version 1.0 (Version: 1.0)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
WinSCP 4.3.2 (Version: 4.3.2)
World in Conflict: Soviet Assault (Version: 1.0.1.0)
Xfire (remove only)
Xilisoft DVD to iPhone Converter 5 (Version: 5.0.51.1106)
Yahoo! Messenger
Yahoo! Software Update
Your Uninstaller! 7 (Version: 7.3.2011.2)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 8055.12 MB
Available physical RAM: 6143.5 MB
Total Pagefile: 16108.38 MB
Available Pagefile: 14064.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3989.85 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:111 GB) NTFS

========================= Users: ========================================

User accounts for \\SANOSAVA-PC

Administrator ASPNET Guest
Mcx1-SANOSAVA-PC Sano Sava

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


THank you for your help and concern!

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:08 AM

Posted 23 October 2011 - 11:27 AM

Hi xthewindx,

I want to make sure your computer is no longer infected. Please also install and run a SuperAntiSpyware (following my previous directions), as well as a GMER scan, and post both of those logs.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 24 October 2011 - 07:19 AM

Hi Jason,

Here's my scan log of the Anti-Virus software. I will post up the GMER scan later today.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/24/2011 at 02:58 AM

Application Version : 5.0.1134

Core Rules Database Version : 7837
Trace Rules Database Version: 5649

Scan type : Complete Scan
Total Scan Time : 03:16:29

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 76003
Registry threats detected : 10
File items scanned : 268759
File threats detected : 683

Malware.Trace
(x86) HKU\S-1-5-21-4186783397-3514254052-3466230550-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@a1.interclick[1].txt [ /a1.interclick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@adknowledge[1].txt [ /adknowledge ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@admarketplace[1].txt [ /admarketplace ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@ads.bighealthtree[1].txt [ /ads.bighealthtree ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@ads.financialcontent[1].txt [ /ads.financialcontent ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@ads.lycos[1].txt [ /ads.lycos ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@ads.undertone[1].txt [ /ads.undertone ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@anrtx.tacoda[1].txt [ /anrtx.tacoda ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@ar.atwola[1].txt [ /ar.atwola ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@at.atwola[2].txt [ /at.atwola ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@bizzclick[1].txt [ /bizzclick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@bridge2.admarketplace[1].txt [ /bridge2.admarketplace ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@cdn.jemamedia[2].txt [ /cdn.jemamedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@clickkick[2].txt [ /clickkick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@clicks.thespecialsearch[1].txt [ /clicks.thespecialsearch ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@clicksaudit[1].txt [ /clicksaudit ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@collective-media[1].txt [ /collective-media ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@dc.tremormedia[1].txt [ /dc.tremormedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@findology[1].txt [ /findology ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@interclick[1].txt [ /interclick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@invitemedia[1].txt [ /invitemedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@invitemedia[2].txt [ /invitemedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@invitemedia[3].txt [ /invitemedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@legolas-media[1].txt [ /legolas-media ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@legolas-media[2].txt [ /legolas-media ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@legolas-media[3].txt [ /legolas-media ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@lucidmedia[1].txt [ /lucidmedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@media.adfrontiers[1].txt [ /media.adfrontiers ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@media6degrees[1].txt [ /media6degrees ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@media6degrees[3].txt [ /media6degrees ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@mediabrandsww[1].txt [ /mediabrandsww ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@mediabrandsww[3].txt [ /mediabrandsww ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@miva.cinomedia[1].txt [ /miva.cinomedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@mm.chitika[1].txt [ /mm.chitika ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@newmusiccountdown.mevio[2].txt [ /newmusiccountdown.mevio ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@p312t1s6064286.kronos.bravenetmedia[1].txt [ /p312t1s6064286.kronos.bravenetmedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@realmedia[1].txt [ /realmedia ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@revsci[1].txt [ /revsci ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@revsci[2].txt [ /revsci ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@search.amazeclick[1].txt [ /search.amazeclick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@search.clickbowl[1].txt [ /search.clickbowl ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@search.clicksclick[2].txt [ /search.clicksclick ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@search.clickwhale[2].txt [ /search.clickwhale ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@search.toseeking[1].txt [ /search.toseeking ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@yieldmanager[1].txt [ /yieldmanager ]
C:\Users\Sano Sava\AppData\Roaming\Microsoft\Windows\Cookies\sano_sava@yieldmanager[2].txt [ /yieldmanager ]
C:\USERS\SANO SAVA\Cookies\sano_sava@miva.cinomedia[1].txt [ Cookie:sano sava@miva.cinomedia.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@yieldmanager[2].txt [ Cookie:sano sava@yieldmanager.net/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@bridge2.admarketplace[1].txt [ Cookie:sano sava@bridge2.admarketplace.net/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@mediabrandsww[3].txt [ Cookie:sano sava@mediabrandsww.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@legolas-media[1].txt [ Cookie:sano sava@legolas-media.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@findology[1].txt [ Cookie:sano sava@findology.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@newmusiccountdown.mevio[2].txt [ Cookie:sano sava@newmusiccountdown.mevio.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@media6degrees[3].txt [ Cookie:sano sava@media6degrees.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@invitemedia[3].txt [ Cookie:sano sava@invitemedia.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@clicksaudit[1].txt [ Cookie:sano sava@clicksaudit.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@revsci[2].txt [ Cookie:sano sava@revsci.net/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@search.clickwhale[2].txt [ Cookie:sano sava@search.clickwhale.com/ ]
C:\USERS\SANO SAVA\Cookies\sano_sava@bizzclick[1].txt [ Cookie:sano sava@bizzclick.com/ ]
.kontera.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
user.lucidmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.admicro2.vcmedia.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hitcountersite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.harrenmedianetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.delivery.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counters.gigya.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findology.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.entrepreneur.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaforge.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clicks.thespecialsearch.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.entrepreneur.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dgc18.acecounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaforge.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s09.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s05.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s03.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pointclicktrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gsimedia.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gsimedia.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.indoormedia.co.uk [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viewablemedia.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.thegioiteen.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.warez-bb.org [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.warez-bb.org [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.warez-bb.org [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.journalregistercompany.122.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracker.roitesting.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s02.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
p413t1s4552829.kronos.bravenetmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.octofinder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.octofinder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xml.happytofind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpansion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rotator.adjuggler.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xm.xtendmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
xml.prostreammedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findology.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findology.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findology.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.businessfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.businessfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.businessfind.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sextoy.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sextoy.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sextoy.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
link.mercent.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnkiukczmkp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornhub.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pornhub.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.higheroneaccount.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.track.webgains.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myaccountinglab.mathxl.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myaccountinglab.mathxl.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wjnyqiczwcp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6aek4chcpgbp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.ebay.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wjnyopczmkp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.paypal.112.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnmiegc5iep.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6aeliogdzalq.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnmywgd5oao.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.paypal.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads-svx.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wal4ujdjilp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6whkoaicjkbp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wmmiwmd5sap.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wmk4godzabo.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wjny-1ic5eb.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas.apm.emediate.eu [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.espn.112.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wfmyshdjobp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnkoamcjiap.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnloknczwho.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wmloqkazsho.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnl4shc5sco.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dgc18.acecounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s05.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wnkiqgdzglp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wdkiakc5okp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wmmyendjigp.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazonmerchants.122.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dgc18.acecounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.find.keywordblocks.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s08.flagcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bleepbook.in [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.delivery.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.delivery.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediaquantics.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rotator.adjuggler.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaquantics.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mtvn.112.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
d.mediaforge.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.surveymonkey.122.2o7.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.r1-ads.ace.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wfkisjazccq.stats.esomniture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.delivery.adnetwork.vn [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.vipgamesnetwork.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.react2media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.react2media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.react2media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediabrandsww.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myroitracking.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xxxmatch.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.xxxmatch.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.xxxmatch.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wt.xxxmatch.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultadworld.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\SANO SAVA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
90degreemedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
ad.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
admicro2.vcmedia.vn [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
cache.hosting.vcmedia.vn [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
cdn.eyewonder.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
cdn.insights.gravity.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
cdn4.specificclick.net [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
cloud.video.unrulymedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
content.yieldmanager.edgesuite.net [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
convoad.technoratimedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
convoad.technoratimedia.net [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
core.insightexpressai.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
crackle.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
ec.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
i.adultswim.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
ia.media-imdb.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
img-cdn.mediaplex.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
kona.kontera.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
konac.kontera.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.adxpansion.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.dmcontact.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.heavy.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.kyte.tv [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.mtvnservices.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.scanscout.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media.socialvibe.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
media1.break.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
mediaforgews.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
mediavui.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
myaccountinglab.mathxl.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
objects.tremormedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
parksandresorts.wdpromedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
s0.2mdn.net [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
s0.adnet.vn [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
secure-us.imrworldwide.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
serving-sys.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
spe.atdmt.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
speed.pointroll.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
static.freecamsexposed.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
static.hosting.vcmedia.vn [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
track.webgains.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
video.redorbit.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
wdw2.wdpromedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
widget1.adnet.vn [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
www.99counters.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
www.blackpornmedia.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
www.megaporn.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
www.naiadsystems.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
www.soundclick.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
wwwstatic.megaporn.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
zbox.zanox.com [ C:\USERS\SANO SAVA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y6GCJEV5 ]
C:\WINDOWS\TEMP\COOKIES\SYSTEM@ADXPOSE[1].TXT [ /ADXPOSE ]

Adware.Zugo
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-21-4186783397-3514254052-3466230550-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-21-4186783397-3514254052-3466230550-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-21-4186783397-3514254052-3466230550-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-21-4186783397-3514254052-3466230550-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Trojan.Agent/Gen-Krpytik
C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\CRYTEK\CRYSIS WARHEAD\RLD-CRWK.EXE

Trojan.Agent/Gen-Bot
C:\PROGRAM FILES (X86)\GAMESPY ARCADE\UNWISE.EXE
C:\USERS\SANO SAVA\APPDATA\LOCAL\TEMP\SMTMP\1\PROGRAMS\GAMESPY ARCADE\UNINSTALL GAMESPY ARCADE.LNK

Trojan.Agent/Gen-Ramnit
C:\PROGRAM FILES (X86)\ITUNES\ITUNESSRV.EXE
C:\USERS\SANO SAVA\DESKTOP\LEAGUE OF LEGENDS RADS\LEAGUE OF LEGENDS RADS.CLEAN\RADS\SOLUTIONS\LOL_GAME_CLIENT_SLN\RELEASES\0.0.0.84\DEPLOY\LEAGUE OF LEGENDSSRV.EXE
C:\Windows\Prefetch\ITUNESSRV.EXE-98FD48B5.pf

Trojan.Agent/Gen-Autorun[Swisyn]
C:\PROGRAM FILES (X86)\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.EXE
C:\PROGRAM FILES (X86)\YOUR UNINSTALLER! 7\FOS.EXE
C:\PROGRAM FILES (X86)\YOUR UNINSTALLER! 7\INIMERGE.EXE
C:\USERS\SANO SAVA\APPDATA\LOCAL\TEMP\SMTMP\1\PROGRAMS\K-LITE CODEC PACK\TOOLS\VOBSUBSTRIP.LNK

Trojan.Agent/Gen-RMNet
C:\PROGRAM FILES (X86)\QUICKTIME\PICTUREVIEWER.RESOURCES\EN.LPROJ\PICTUREVIEWERLOCALIZED.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIMEWEBHELPER.RESOURCES\EN.LPROJ\QUICKTIMEWEBHELPERLOCALIZED.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIMEWEBHELPER.RESOURCES\QUICKTIMEWEBHELPER.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIMEAUTHORING.RESOURCES\EN.LPROJ\QUICKTIMEAUTHORINGLOCALIZED.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIMESTREAMING.RESOURCES\EN.LPROJ\QUICKTIMESTREAMINGLOCALIZED.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIME.RESOURCES\QUICKTIME.DLL
C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\QUICKTIMEAUDIOSUPPORT.RESOURCES\EN.LPROJ\QUICKTIMEAUDIOSUPPORTLOCALIZED.DLL

Trojan.Agent/Gen-Alient
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/ARCANE TRAINER.EXE
C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/BOWMAN 2 TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/CASTLE GUARD TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/CURSOR THIEF TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/DOEO TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/GOD'S PLAYING FIELD TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/INTERACTIVE BUDDY TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/SA TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/STICK DEFENSE TRAINER.EXE
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/TWHG TRAINER.EXE

Trojan.Agent/Gen-Koobface[Bonkers]
ZIP ARCHIVE( C:\USERS\SANO SAVA\DESKTOP\SAVA\ALL\GAME\TRAINERS\MARIOMAN SP'S TRAINER PACK 1.ZIP )/STICK RPG TRAINER.EXE

Rogue.Agent/Gen
C:\WINDOWS\SYSWOW64\DLL8GTTZHYCKVLO.EXE
C:\WINDOWS\SYSWOW64\DLLL8GGRZQHX.EXE
C:\WINDOWS\SYSWOW64\DLLL8GGRZQHXWUV.EXE
C:\WINDOWS\SYSWOW64\DLLL8GGRZQHYWKV.EXE
C:\WINDOWS\SYSWOW64\DLLL99GTXQJYEKV.EXE

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:08 PM

Posted 24 October 2011 - 12:23 PM

Hi xthewindx,

:exclame: File Infector

I hate to give you bad news, but one of the infections present on your machine was a file infector. File infectors are particularly dangerous because they inject their malicious code into normal files stored on your PC. Unfortunately, Ramnit can infect many file types stored on your PC - including Microsoft Word documents.

In addition, Ramnit is particularly dangerous because it also has back door functionality.

:exclame: Backdoor Trojan warning

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Owing to the fact the Ramnit is a file infector and a backdoor trojan, there is no way to secure this PC fully except to reinstall Windows.

If you need help with this and would like details of how we can save some of your data, then please let me know.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 24 October 2011 - 08:15 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-24 20:15:04
Windows 6.1.7600
Running: 6svpklgi.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x10 0xB0 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0x8B 0x2C 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0xC1 0x10 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0x0C 0xA3 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x20 0x6B 0xDF 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x10 0xB0 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0x8B 0x2C 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0xC1 0x10 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0x0C 0xA3 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x20 0x6B 0xDF 0x30 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0440B901-EAB1-26A5-A458-7A9D4C26BBF7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D14773A-C82D-247F-CB15-4C0715BAA30D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D14773A-C82D-247F-CB15-4C0715BAA30D}@abbbcjmbbbfigdfldehdikfcigmjeaiegl 0x65 0x62 0x62 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D14773A-C82D-247F-CB15-4C0715BAA30D}@bbbbcjmbbbfigdfldemddpaoajpkhclijlom 0x61 0x62 0x66 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B334650-E3F4-0C3D-1F22-10CF5294A513}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B334650-E3F4-0C3D-1F22-10CF5294A513}@jahlahopkbapbpkknafh 0x6A 0x61 0x69 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B334650-E3F4-0C3D-1F22-10CF5294A513}@ianloacbfoaalbkbcl 0x6A 0x61 0x69 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2D52D21-EEB9-B9A6-B2E7-A885D0F1ABFD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2D52D21-EEB9-B9A6-B2E7-A885D0F1ABFD}@iapelohampdbcdfmel 0x6A 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2D52D21-EEB9-B9A6-B2E7-A885D0F1ABFD}@jafejifkocpbnjbcgdee 0x6A 0x61 0x69 0x6E ...

---- Files - GMER 1.0.15 ----

File C:\Users\Sano Sava\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Y6GCJEV5\image.mp3.zing.vn\albumonline\nguyen-vu\special-album-10.\interfaz.swf 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\1V0YI9KH\ErrorPageTemplate[2] 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\2P01H32K\bullet[1] 0 bytes

---- EOF - GMER 1.0.15 ----

#8 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 24 October 2011 - 08:22 PM

Wow Casey_boy, thank you for the news even thought it's a bad news. But if I was to reformat my PC, would I be able to back up everything? As in my 1Tetra byte hard drive worth of videos, musics and softwares?

#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:08 PM

Posted 25 October 2011 - 05:59 AM

If you have another drive that we could use, then yes, we could back up your videos and music. Unfortunately, you'd have to reinstall your software.

To back up your personal data:

On a clean PC

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

You can then use this removable drive to copy your personal files to. :exclame: It is important to then scan this drive with an anti-virus program on your clean PC.

Casey

Edited by Casey_boy, 25 October 2011 - 05:59 AM.
spelling

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#10 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 25 October 2011 - 10:26 PM

So absolutely, there is no way whatsoever to fix my PC? I mean , we could do another scan, and if there's no sign then that means it will be clean, right?

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:08 AM

Posted 26 October 2011 - 07:29 AM

Hi xthewindx,

We could do another scan, but unfortunately, one of the infections you had is a file infector (as Casey_Boy said). What this means is that it could have infected legitimate files on your computer. This acts as a domino effect, in that more and more files could potentially be infected as time goes on. We don't know how many of these files have been compromised/infected. It is a lot less time consuming to follow Casey_Boy's advice in backing up your personal files and then reinstalling Windows than to try and find all the files on your computer that are infected.

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are some tools and various rescue disks available from several anti-virus vendors. Keep in mind there is no guarantee the repair will be successful and you may need to try more than one. Even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. This means that infected executables and system files can become unusable after attempting to repair them and there's still no quarantee the virus is really gone. Since many of these are legitimate critical files required by the operating system, deletion is not a viable option. This destructive behavior may be by design as explained in File Infectors: To Junk Or Not To Junk.

In my experience, users may find their system performing better for a short time after attempted disinfection only to have it become progressively worst again as the malware continues to reinfect thousands of files. Some folks will try every tool or rescue disk they can find in futile attempts to repair critical system files. If something goes awry during the malware removal process the computer may become unstable or unbootable and you could loose access to all your data. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove the infected files.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

If your computer is bootable, disinfection can be attempted through a combination of the following tools:These are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#12 xthewindx

xthewindx
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 26 October 2011 - 11:07 PM

Thank you so much for taking your time out and write all that. Just one small question, is it okay for me to ALWAYS press YES whenever Anti-virus scans and finds viruses? I mean, say Kaspersky just found a virus in the win32 area for example. Should I just proceed and let it delete the virus (Quarantine and Remove) or do I actually have to look up online to see if that file should be taken of?
Bottom line, I just don't want to press YES and then the software delete some vital files/registries in my PC. Thus, making the computer itself not rebbootable, has blue screen or worse damaged...I just want to trust it with its own safety when it comes to getting rid of the viruses? Does that make any sense? Sorry, I couldn't come up with a better elaboration.
Thanks and best regards!

#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:08 AM

Posted 27 October 2011 - 08:56 AM

Thank you so much for taking your time out and write all that. Just one small question, is it okay for me to ALWAYS press YES whenever Anti-virus scans and finds viruses? I mean, say Kaspersky just found a virus in the win32 area for example. Should I just proceed and let it delete the virus (Quarantine and Remove) or do I actually have to look up online to see if that file should be taken of?
Bottom line, I just don't want to press YES and then the software delete some vital files/registries in my PC. Thus, making the computer itself not rebbootable, has blue screen or worse damaged...I just want to trust it with its own safety when it comes to getting rid of the viruses? Does that make any sense? Sorry, I couldn't come up with a better elaboration.
Thanks and best regards!


Good question. :) Usually, yes, you do want to click Yes. The keyword you mentioned is quarantine. If an antivirus program falsely detects a file as a virus, putting it into quarantine allows you to restore the file at a later time, if in fact it was NOT a virus. (McAfee actually had this happen a couple years ago with a critical file on Windows XP, so false positives are definitely not unheard of.) Also, when in doubt, ask here on BleepingComputer or do your own Google search. You'd be surprised how often other people may have run into the same problem.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users