Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zero access


  • Please log in to reply
22 replies to this topic

#1 4on4off

4on4off

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 06 June 2012 - 11:08 AM

Hello,

windows xp home edition.

Sometime back I was cleaning a friends pc that locked up on him. I ran malwarebytes and it found and removed the zeroaccess rootkit. That resulted in no internet connection. When he told me he was getting a new pc for christmas and just needed to limp along till then so I just did a system restore which resstored internet access and gave him his pc back after tweaking some other things. Once he got his new pc for christmas he put this one on ice in case he needed it for something later.

He pulled it out recently and it was boggy as usual. I had reminded him of the nasty zeroaccess that was removed and informed him that it may have left some bits and pieces behind. I picked it up after work this morning and fired it up in safe mode.

I ran tdsskiller and it only found one unsigned file that I skipped.

I am currently running super anti spyware in safe mode and it is at a count of 396 at the moment and is listing things as follows:

rootkit.agent/gen-aluren 14 items found
trojan/dropper/gen.nv 1 item found
trace.known threat sources 5 items found
adware.tracking cookie 367 items found
pup.mywebsearch/funwebproducts 9 items found

That looks pretty ugly! and sas is still running.

This may require combofix and I am not confident to run it without instruction.



4

Edited by 4on4off, 06 June 2012 - 11:09 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:12 AM

Posted 06 June 2012 - 08:21 PM

Helo. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

Finish the SAS and post that log.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

>>>>
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


<<<
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 06 June 2012 - 11:58 PM

Just got back home. Got to work in the morning and I will try to run the scans and post the requested logs before I head in the morning.

Thank you for your assistance.

4

#4 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 10:22 AM

Boopme


Here is the sas log that was ran in safe mode:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2003 at 01:35 AM

Application Version : 5.0.1150

Core Rules Database Version : 8690
Trace Rules Database Version: 6502

Scan type : Complete Scan
Total Scan Time : 01:05:04

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 33569
Registry threats detected : 9
File items scanned : 44940
File threats detected : 387

PUP.MyWebSearch/FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\9AWOVHHB.txt [ /atdmt.com ]
C:\Documents and Settings\Administrator\Cookies\HNVH4TTW.txt [ /media6degrees.com ]
C:\Documents and Settings\Administrator\Cookies\PZ4VMZAX.txt [ /c.atdmt.com ]
C:\Documents and Settings\Administrator\Cookies\FOG93VGF.txt [ /network.realmedia.com ]
C:\Documents and Settings\Administrator\Cookies\YXOVY1CY.txt [ /specificclick.net ]
C:\Documents and Settings\Administrator\Cookies\RAE5QTBM.txt [ /revsci.net ]
C:\Documents and Settings\Administrator\Cookies\EF3ESTHP.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Administrator\Cookies\NSEQ8KP5.txt [ /invitemedia.com ]
C:\Documents and Settings\Administrator\Cookies\WCCAFUEU.txt [ /imrworldwide.com ]
C:\Documents and Settings\Administrator\Cookies\PHIKZPY5.txt [ /interclick.com ]
C:\Documents and Settings\Administrator\Cookies\IU10GA5L.txt [ /doubleclick.net ]
C:\Documents and Settings\Administrator\Cookies\C8HSDYFL.txt [ /questionmarket.com ]
C:\Documents and Settings\Administrator\Cookies\7N93KL0A.txt [ /serving-sys.com ]
C:\Documents and Settings\Administrator\Cookies\HE34I79L.txt [ /fastclick.net ]
C:\Documents and Settings\Administrator\Cookies\LBZ8ITH1.txt [ /advertising.com ]
C:\Documents and Settings\Administrator\Cookies\3OLTRV3J.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Administrator\Cookies\6BR9GXKU.txt [ /realmedia.com ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SS5SBO5K.txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\T7URUJ2B.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M75KH403.txt [ Cookie:system@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KKDUL7ZZ.txt [ Cookie:system@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\04ZSSKWM.txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\U6GA3694.txt [ Cookie:system@pluckit.demandmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HZS0V77X.txt [ Cookie:system@dmtracker.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\19IJZWU9.txt [ Cookie:system@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FK7DKOU7.txt [ Cookie:system@search.awesome-find.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M4WSSE00.txt [ Cookie:system@findthisquick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0VV3K33L.txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0GCHFOMA.txt [ Cookie:system@myroitracking.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\S1H3T1CG.txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WOP6FPIQ.txt [ Cookie:system@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\O6DEIFEL.txt [ Cookie:system@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XS0T37WF.txt [ Cookie:system@akamai.interclickproxy.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RIYGSIXK.txt [ Cookie:system@marchex.bafind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MN0NQVE5.txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\H90FT7GJ.txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4GF3CDKO.txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AHF1K9W4.txt [ Cookie:system@clicks.thespecialsearch.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\DPS0QMQO.txt [ Cookie:system@getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AHUJL3ND.txt [ Cookie:system@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\G7HF1G9X.txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0B920HCU.txt [ Cookie:system@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FUPNLLLV.txt [ Cookie:system@sexinfobank.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4UC3WXPB.txt [ Cookie:system@ero-advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\PC50XLZL.txt [ Cookie:system@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UNXVDTZQ.txt [ Cookie:system@mifind.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8G37UGU5.txt [ Cookie:system@uiadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BAWG8C9M.txt [ Cookie:system@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XLMXDHPO.txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\A5FP1BHT.txt [ Cookie:system@static.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9K4MSTOI.txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\5PGD1M9J.txt [ Cookie:system@servedby.adxserve.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HQ2SEJL9.txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FC0VSIYM.txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CJVV63FK.txt [ Cookie:system@advertise.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GXEEVBUM.txt [ Cookie:system@crackle.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\3QO5OX7W.txt [ Cookie:system@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NNAM2W9V.txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7TQITKK1.txt [ Cookie:system@entrepreneur.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\X9B7ZVKC.txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MHL3T32A.txt [ Cookie:system@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1L7XRVRK.txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9EVK6WN0.txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\VI1V77IR.txt [ Cookie:system@googleads5.in/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\VJEYB3AN.txt [ Cookie:system@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\W4B4RCFL.txt [ Cookie:system@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MHPW13UP.txt [ Cookie:system@servedby.adxpower.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NDJAMZ1S.txt [ Cookie:system@click.scour.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YHZ0HHAS.txt [ Cookie:system@247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\E36XRDNZ.txt [ Cookie:system@liveperson.net/hc/71384334 ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Y8N926LD.txt [ Cookie:system@xml.trafficengine.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L0TYK8K4.txt [ Cookie:system@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\X2SZPKQW.txt [ Cookie:system@cdn.jemamedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\X63T27BZ.txt [ Cookie:system@clicksor.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8W6U5O07.txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M3JFWXX6.txt [ Cookie:system@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\JPCL3QCP.txt [ Cookie:system@citygridmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GYEERY5M.txt [ Cookie:system@ad.looktraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\T03AKCBW.txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WYQF7ZWF.txt [ Cookie:system@ads.gamersmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AIM1SHK7.txt [ Cookie:system@indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TB10T42L.txt [ Cookie:system@beachcamera.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RQ5S7K4V.txt [ Cookie:system@tracking.google-placement.com.re.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\JWNG7W4A.txt [ Cookie:system@geltmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UBQCLU1T.txt [ Cookie:system@www.guysfinders.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RSY249AO.txt [ Cookie:system@goclicker.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CBR453NY.txt [ Cookie:system@optimize.indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Y9U022UU.txt [ Cookie:system@www.pornhub.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YY5SVXFS.txt [ Cookie:system@beacon.dmsinsights.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XMVXS27T.txt [ Cookie:system@rotator.adjuggler.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\14LPZHCG.txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Q9EOG75K.txt [ Cookie:system@www.eamaze.com/ADS/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RJUD91PP.txt [ Cookie:system@search.great-deal-find.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Y3R1NPGV.txt [ Cookie:system@adinterax.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QKQCIQTJ.txt [ Cookie:system@goodcholesterolcount.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YM8WQLWS.txt [ Cookie:system@lifestyle.gourmandia.com/advertisement/includes/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0LO018DP.txt [ Cookie:system@servedby.adxpower.com/servlet/ajrotator/278895/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\44PXIWUO.txt [ Cookie:system@perfind.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M3004J4X.txt [ Cookie:system@c.gigcount.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ITSL2YU7.txt [ Cookie:system@amazon-adsystem.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0N9G416Q.txt [ Cookie:system@tracking.dsmmadvantage.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\PLO2VGW2.txt [ Cookie:system@educationcom.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\13RK1HMF.txt [ Cookie:system@mediatraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\5C3LL8ET.txt [ Cookie:system@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QNEV3409.txt [ Cookie:system@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\737J33AO.txt [ Cookie:system@histats.com/stats/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FKZ45XU8.txt [ Cookie:system@fidelity.rotator.hadj7.adjuggler.net/servlet/ajrotator/146993/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RFHDQCF9.txt [ Cookie:system@adup.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M7WL30FI.txt [ Cookie:system@cartoonpornz.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\H1XOMNPT.txt [ Cookie:system@ehg-wss.hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9WLI4LZH.txt [ Cookie:system@cn.clickable.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KGLK2UHM.txt [ Cookie:system@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\V2EDNOZR.txt [ Cookie:system@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\5N0ABAK7.txt [ Cookie:system@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HGJPBC9H.txt [ Cookie:system@mediaservices-d.openxenterprise.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FX1M3J73.txt [ Cookie:system@smartadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TUPJ0TSN.txt [ Cookie:system@revenue.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MIUVMT1C.txt [ Cookie:system@adserving.ezanga.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\63JXERYD.txt [ Cookie:system@citi.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LJKZ74WS.txt [ Cookie:system@tag.mediashakers.hiro.tv/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LYGQZI8W.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QKC483TJ.txt [ Cookie:system@c.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UQ0XVK81.txt [ Cookie:system@aimfar.solution.weborama.fr/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TS8WCOJ2.txt [ Cookie:system@flatwatermedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7ATNR6S2.txt [ Cookie:system@mediamultimedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QVSYORQP.txt [ Cookie:system@stat.onestat.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GU5JWXOS.txt [ Cookie:system@tns-counter.ru/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YZHK9GLV.txt [ Cookie:system@buy.xxx/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\780APNED.txt [ Cookie:system@pubads.g.doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OO8GS38H.txt [ Cookie:system@gottracked.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KVSQU30K.txt [ Cookie:system@intfind.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZR3DW3DW.txt [ Cookie:system@clicks.geltmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GOL73UB3.txt [ Cookie:system@eas.apm.emediate.eu/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0UFYWT3C.txt [ Cookie:system@tmtraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\JLLHC5G4.txt [ Cookie:system@premiumtv.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TGVEFLV0.txt [ Cookie:system@ppctracker.org/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YKN9Q0QQ.txt [ Cookie:system@sitefindonline.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\17AAOGX1.txt [ Cookie:system@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TNORD7HS.txt [ Cookie:system@linksynergy.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ATY18BWY.txt [ Cookie:system@chimeraadvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\C3A4LH0V.txt [ Cookie:system@smartfindonline.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XX37J9FB.txt [ Cookie:system@kanoodle.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\U47LIK2E.txt [ Cookie:system@clickthrough.kanoodle.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CJRHC6HL.txt [ Cookie:system@xml.prostreammedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0S23HV3V.txt [ Cookie:system@cdn.eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\IH15N2X5.txt [ Cookie:system@findloantool.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\T6TZP0ND.txt [ Cookie:system@hhm.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0TNCKAB0.txt [ Cookie:system@realmedianetwork.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MDRM307G.txt [ Cookie:system@bizzclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\5A5AQBPH.txt [ Cookie:system@filter.plusfind.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2E3UEI4Y.txt [ Cookie:system@brandspotmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4FL6YSTS.txt [ Cookie:system@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\6MFOV0EU.txt [ Cookie:system@banners.trafficengine.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L5EU8T1Z.txt [ Cookie:system@www.babble.com/Ad/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8J6I3DHY.txt [ Cookie:system@beta-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NAI82J30.txt [ Cookie:system@sysufind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KDB1V57D.txt [ Cookie:system@xml.admanage.com/xml/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ACFSG3DG.txt [ Cookie:system@lokyfind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\J07MJW57.txt [ Cookie:system@histats.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MOG9BY5H.txt [ Cookie:system@overture.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\37N6CYDG.txt [ Cookie:system@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0O706CDK.txt [ Cookie:system@server.iad.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BP7GAQ5U.txt [ Cookie:system@www.republicofadvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\51GEN5KL.txt [ Cookie:system@ads.networldmedia.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1A1K3LEH.txt [ Cookie:system@friendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XETNJIKB.txt [ Cookie:system@msn.com/id/45533539/ns/the_new_york_times/t/amid-sex-abuse-scandal-jerry-sandusky-tells-his-own-story/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\PCBL33UQ.txt [ Cookie:system@lovecomm.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\EOSLQFRN.txt [ Cookie:system@pappasgroup.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\V814E5M9.txt [ Cookie:system@gotacha.rotator.hadj7.adjuggler.net/servlet/ajrotator/135114/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\60K1TN1O.txt [ Cookie:system@solvemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QCUTZ85M.txt [ Cookie:system@www.geocliks.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KPECWBZC.txt [ Cookie:system@virtualfindit.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\K87V3CQD.txt [ Cookie:system@pfatracking.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UWH249Z2.txt [ Cookie:system@about.xxx/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\H602XW0X.txt [ Cookie:system@www.bestdatafind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\550Y6N47.txt [ Cookie:system@clickkick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\6S5Q81CH.txt [ Cookie:system@martiniadnetwork.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XTLA6BZE.txt [ Cookie:system@ghmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HEC4OHYO.txt [ Cookie:system@hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\X5S97ERL.txt [ Cookie:system@societegenerale.solution.weborama.fr/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\N07DQY0B.txt [ Cookie:system@adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OE8M13QQ.txt [ Cookie:system@realyfinded.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OSQAZI1O.txt [ Cookie:system@ggpublishing.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\P1FJD5B3.txt [ Cookie:system@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\725OCZ3O.txt [ Cookie:system@fl01.ct2.comclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QR3JJ44T.txt [ Cookie:system@liveperson.net/hc/32873135 ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BVAYQ2M9.txt [ Cookie:system@prosper.swiftclicksolutions.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LW9VJSU5.txt [ Cookie:system@t.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9DXHI30E.txt [ Cookie:system@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\EXFB961N.txt [ Cookie:system@s.clickability.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\IU1HI0TW.txt [ Cookie:system@mtvn.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4BFHQBYM.txt [ Cookie:system@unrulymedia.com/blank.gif ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\O3OQSQ83.txt [ Cookie:system@tracking.awesomedailywinner.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4DEGIZWQ.txt [ Cookie:system@adlegend.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\DPTLP4NL.txt [ Cookie:system@traveladvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\E9OAYGY0.txt [ Cookie:system@content.yieldmanager.com/ak/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QCAZY6CJ.txt [ Cookie:system@web-traffic-analysis.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UI2R1V2B.txt [ Cookie:system@fls.doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7D0Y4C0W.txt [ Cookie:system@totalbeauty.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\3WIL4ICG.txt [ Cookie:system@adultfriendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\DZG51Z3K.txt [ Cookie:system@exoclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\579VOS15.txt [ Cookie:system@www.findallofitsite.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\D29IK8TL.txt [ Cookie:system@www.mediatraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1AUTU06O.txt [ Cookie:system@www.trackimizer.com/2b8a61594b1f4c4db0902a8a395ced93/path/ ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ERALWHKU.txt [ Cookie:system@revsci.net/ ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\W06BMVHQ.txt [ Cookie:system@keepufind.com/ ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WJQJ7765.txt [ Cookie:system@burstbeacon.com/ ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\COZI1XCK.txt [ Cookie:system@travel.aol.com/discount-travel/ ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZRR7I75T.txt [ Cookie:system@trackalyzer.com/ ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TYN9NKH5.txt [ Cookie:system@nextag.com/ ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4ADY18QG.txt [ Cookie:system@mediaforge.com/ ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UKOPLDQ6.txt [ Cookie:system@www.findstuffforme.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\25FTHVSX.txt [ Cookie:system@ehg-nestlewaters.hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\JRSZ3Y5Q.txt [ Cookie:system@msnbc.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ARWOSOG7.txt [ Cookie:system@www.findallofittoday.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\DO58U7DE.txt [ Cookie:system@cdmedia.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\X0EF8ISU.txt [ Cookie:owner@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\FH3EA4K2.txt [ Cookie:owner@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\V55X07FB.txt [ Cookie:owner@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\3JD79Q7A.txt [ Cookie:owner@exoclick.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\FM0K3XI7.txt [ Cookie:owner@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\WGIQ8Z2T.txt [ Cookie:owner@openx.sexsearchcom.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\KON5Y3AS.txt [ Cookie:owner@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\SNFSF88H.txt [ Cookie:owner@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\3XTKFH7P.txt [ Cookie:owner@tacoda.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\Z0CA7F1R.txt [ Cookie:owner@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\VZT1CUEL.txt [ Cookie:owner@www.youporn.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\UARHVV0N.txt [ Cookie:owner@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\RX5833OI.txt [ Cookie:owner@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\ZMU9Z3PN.txt [ Cookie:owner@leeenterprises.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\PLU0J5YS.txt [ Cookie:owner@akamai.interclickproxy.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\MM2HO2JG.txt [ Cookie:owner@stats.townnews.com/tdn.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\G1SZMX0M.txt [ Cookie:owner@paypal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\RWKWXN1P.txt [ Cookie:owner@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\MTL303G6.txt [ Cookie:owner@riptownmedia.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\EXY4W6FE.txt [ Cookie:owner@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\EOPJ282M.txt [ Cookie:owner@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\W7PB86FH.txt [ Cookie:owner@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\Z1T14479.txt [ Cookie:owner@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\4QRCYV77.txt [ Cookie:owner@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\OVECH05J.txt [ Cookie:owner@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\UFO2C3U9.txt [ Cookie:owner@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\4BJ7IL0Y.txt [ Cookie:owner@stats.ebay.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\TF2KVJMJ.txt [ Cookie:owner@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\F6K74XZE.txt [ Cookie:owner@s.clickability.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\R20KEIAA.txt [ Cookie:owner@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\MX6Z3XM6.txt [ Cookie:owner@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\IGKZJ44B.txt [ Cookie:owner@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\4LJ7WKQG.txt [ Cookie:owner@overture.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\MFEGY3QH.txt [ Cookie:owner@stats.paypal.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\T9A2XMG5.txt [ Cookie:owner@ads.crakmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\HIO6Q20M.txt [ Cookie:owner@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\ISZ9V6DK.txt [ Cookie:owner@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\A4LXM5Y5.txt [ Cookie:owner@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\P9LNQ41Z.txt [ Cookie:owner@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\A0PF13CB.txt [ Cookie:owner@dmtracker.com/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\R31EMDDN.txt [ Cookie:owner@statcounter.com/ ]
ad.adlegend.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
cdn.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
cdn.selectablemedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
cdn5.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
crackle.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media.expedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media.heavy.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
service.twistage.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
tag.mediashakers.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
www.goodcholesterolcount.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XRZT9XA4 ]
a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ads1.msn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
b.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
bannerfarm.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
content.oddcast.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
content.video.imedia.ro [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
convoad.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
crackle.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
data-ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ec.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
files.youporn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
gay.porntube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
hs.interpolls.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
macromedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.adxpansion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.amctv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.kgw.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.socialvibe.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media.tattomedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media1.spinletslab.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
media10.washingtonpost.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
mediaforgews.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
oddcast.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
sex.healthguru.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
sftrack.searchforce.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
spe.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
static.cdn.360.sorensonmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
stmedia.startribune.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
thebigpornsecret.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
thumbs.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
vhss-d.oddcast.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.clickstrackingz.info [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.malepornstarsexposed.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.pornstarnetwork.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.porntube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
www.soundclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]
yo.static.presidiomedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NR9V5DV9 ]

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\AW117W5D\fc548d3114a0c_2174666[1].flv [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\AW117W5D\crossdomain[1].xml [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\5TMNXD66\ee9cee4163ed3_2176442[1].mp4 [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\4R3M8O71\59b8caa9266b8_2176342[1].flv [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\5TMNXD66\ee9cee4163ed3_2176439[1].mp4 [ cache:wista ]

Trojan.Dropper/Gen-NV
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\XNFFZ1TYNVRCNTPJONYVRFYMGCOXZUS22\SVCNOST.EXE

Rootkit.Agent/Gen-Alureon
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1419\A0170628.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1420\A0171628.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1420\A0171632.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1420\A0171634.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0172634.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0172642.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0172666.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0173666.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0173682.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0173691.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1422\A0173700.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1423\A0173718.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1424\A0174005.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{162F2240-1518-4FFC-BB65-EFFC49A95DA9}\RP1425\A0174304.SYS


Here is the mwb quick scan log that was ran in reg mode:

NOTE: prior to the posting of your instructions I did run a full mwb scan in safe mode which found and removed "misused.legit"---just thought I would mention it

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-FE48A2AA2 [administrator]

6/6/2012 6:36:53 PM
mbam-log-2012-06-06 (18-36-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252109
Time elapsed: 23 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 19:04:26
-----------------------------
19:04:26.843 OS Version: Windows 5.1.2600 Service Pack 3
19:04:26.843 Number of processors: 1 586 0xA00
19:04:26.843 ComputerName: OWNER-FE48A2AA2 UserName: Owner
19:04:27.546 Initialize success
19:08:44.609 AVAST engine defs: 12060602
19:09:28.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:09:28.500 Disk 0 Vendor: Maxtor_6Y120L0 YAR41BW0 Size: 117246MB BusType: 3
19:09:28.500 Disk 0 MBR read successfully
19:09:28.500 Disk 0 MBR scan
19:09:28.562 Disk 0 Windows XP default MBR code
19:09:28.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117232 MB offset 63
19:09:28.625 Disk 0 scanning sectors +240091425
19:09:28.703 Disk 0 scanning C:\WINDOWS\system32\drivers
19:09:55.656 Service scanning
19:10:11.500 Service MpKsl32376b69 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96352DEE-16E0-411A-AAC3-DD3073B19C30}\MpKsl32376b69.sys **LOCKED** 32
19:10:35.796 Modules scanning
19:10:44.953 Disk 0 trace - called modules:
19:10:44.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:10:45.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f7bab8]
19:10:45.484 3 CLASSPNP.SYS[f771afd7] -> nt!IofCallDriver -> \Device\00000061[0x85f88f18]
19:10:45.484 5 ACPI.sys[f7691620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f8f940]
19:10:45.890 AVAST engine scan C:\
19:13:41.046 File: C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\6a450ce1-72db7b31 **INFECTED** Win32:Malware-gen
23:57:34.406 Scan finished successfully
03:44:37.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
03:44:39.109 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


I was running the eset scan over night and it would appear that some windows updates are set to automatically install and it must have rebooted the pc. I am not sure if the eset scan completed and if it did where I can locate a log that may have been produced. I am currently running it again. Also I did run it in safe mode prior to your instructions and it did find and remove a "trojandownloader.AQ"

One last thing to note is that during this entire process MSE was detecting various java exploits and neutralizing them. I do have it off during the eset scan.

I figured I better get this on here in case the reboot was something else and it happens again. I will post the eset scan results if it finds anything once it is done.

4

#5 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 11:54 AM

I did finally find the log and it was cut short. I just completed the eset scan and it did not find any threats and did not produce a list to export.

4

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:12 AM

Posted 07 June 2012 - 08:54 PM

OK, this looks clean ... do you still have problems?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 08:57 PM

Actually, I haven't messed with it much, I will fire it up and cruise around to see if mse keeps encountering the same java exploits. I will report back and let you know if anything pops up.

4

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:12 AM

Posted 07 June 2012 - 09:06 PM

Thanks
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:11 PM

Well I just fired it up and it seemed stuck in "loading personal settings" then a windows product activiation window showed up saying that: since it was first activated on this computer the hardware has changed significantly, due to these changes , windows must be reactivated within 3 days, do you want to reactivate windows now?

First time seeing this, does this make sense?

4

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:12 AM

Posted 07 June 2012 - 09:15 PM

does this make sense?

No but they do it.. Have your Key ready.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:19 PM

okay, well i will see if I can reach the belarc profile I created for this pc and retrieve the code. I clicked no until I do soe because the sticker with the code is half gone on the tower. It fired up but so far it is just the picture they have for a desktop that I see, no icons and nothing at the bottom.

4

#12 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:26 PM

Shut it down and fired it back up. It has been sitting at loading personal setting for some time now.......

#13 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:28 PM

It finally popped up saying it must be activated so I am going into safe mode to see if I can retrieve the product key from the belarc profile.

#14 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:30 PM

Well crap, now it is saying I cannot even go into safe mode without activating.....since I did not safe the belarc profile on my thumb and the tag for the code is half gone on the tower I think I may be screwed at this point. Well let me double check the thumb drive as I have worked on this pc in the past...Nope I do not see this guys particular belarc profile on my thumb,,,,,

Edited by 4on4off, 07 June 2012 - 09:33 PM.


#15 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 07 June 2012 - 09:36 PM

Okay, well this is not good, the product key is half gone on the sticker on the tower and I cannot access anything without entering it. I did not safe the belarc profile to my thumb so ,,,,,not sure what to do.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users