Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

micro httpd


  • This topic is locked This topic is locked
9 replies to this topic

#1 Tilkon

Tilkon

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 06 October 2013 - 02:33 PM

Hello,

 

I am on Xp SP3 running Kaspersky.

 

I recently got my account password changed, and could not log in my account. So I entered from a second account, also with administrator priviliges, and reset my account password.

 

Now, few days later, also the second accont paswword has been changed.

 

Obviously something strange is going on.

 

I checked for viruses with Kaspersky but no threats detected.

 

I tried to enter the router setup page, and got a pink page reading "error 404 micro httpd". Then tried again, and managed to enter the router setup page. The same thing happened few days ago after the first password change: error 404 at first, then entered setup page at the second attempt.

 

Am I infected? What to do?

 

 



BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:33 AM

Posted 06 October 2013 - 02:45 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
 

Please download Malwarebytes Anti-Malware
and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



SUPERAntiSpyware:
 
 

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Now GMER
 
 

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



#3 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 08 October 2013 - 05:56 AM

Hello,

 

below the results.

Note:

with Superabtispyware I did not see the C:\Fixed Drive option. I instead selected C: D: and F:

with GMER I got a rootkit warning, I clicked OK, but the scan did not continue. So the rootkit warning happened in the end of the scan, or it actually stopped the scan.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: LEGENDA [administrator]

6.10.13 22.09.16
mbam-log-2013-10-06 (22-09-16).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 950081
Time elapsed: 4 hour(s), 24 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.0.14.0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.0.14.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Documents and Settings\Egle\Application Data\PRICEGONG (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OPENCANDY (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OPENCANDY\OpenCandy_FA2CE4A6EC134326B7897379262DADE0 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 106
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_FA2CE4A6EC134326B7897379262DADE0\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-796845957-790525478-839522115-1009\Dc12.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-796845957-790525478-839522115-1009\Dc16.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-796845957-790525478-839522115-1009\Dc9.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\l.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\1.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\15969.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\16657.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\16881.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\17158.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\17781.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\2229.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\2257.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\4489.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\7031.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\a.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\b.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\c.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\d.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\e.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\f.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\g.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\h.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\i.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\J.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\k.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\m.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\mru.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\n.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\o.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\p.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\q.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\r.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\s.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\t.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\u.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\v.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\w.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\x.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\y.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egle\Application Data\PRICEGONG\Data\z.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\16685.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\2229.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\2257.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\2501.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\7031.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\8626.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OPENCANDY\OPENCANDY_FA2CE4A6EC134326B7897379262DADE0\1536.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OPENCANDY\OPENCANDY_FA2CE4A6EC134326B7897379262DADE0\NitriPDFen32_p1v2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)
 


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/08/2013 at 07:51 AM

Application Version : 5.6.1040

Core Rules Database Version : 10813
Trace Rules Database Version: 8625

Scan type       : Complete Scan
Total Scan Time : 22:22:17

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 236
Memory threats detected   : 0
Registry items scanned    : 40295
Registry threats detected : 0
File items scanned        : 679331
File threats detected     : 840

Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\4UCK5XPM.txt [ /ads.kmplayer.com ]
    C:\Documents and Settings\Owner\Cookies\2AO9JWPZ.txt [ /advertising.com ]
    C:\Documents and Settings\Owner\Cookies\08CAXF3C.txt [ /accounts.google.com ]
    C:\Documents and Settings\Owner\Cookies\F0OES99M.txt [ /media6degrees.com ]
    C:\Documents and Settings\Owner\Cookies\URZI0R7V.txt [ /ferrero2.solution.weborama.fr ]
    C:\Documents and Settings\Owner\Cookies\HELGW46J.txt [ /lucidmedia.com ]
    C:\Documents and Settings\Owner\Cookies\7SYU4NBQ.txt [ /revsci.net ]
    C:\Documents and Settings\Owner\Cookies\HW4O1L32.txt [ /atdmt.com ]
    C:\Documents and Settings\Owner\Cookies\ADTLZN2C.txt [ /msnportal.112.2o7.net ]
    C:\Documents and Settings\Owner\Cookies\L5VNV4PS.txt [ /c.atdmt.com ]
    C:\Documents and Settings\Owner\Cookies\1GINSLT8.txt [ /weborama.fr ]
    C:\Documents and Settings\Owner\Cookies\KLITHM4V.txt [ /accounts.google.com ]
    C:\Documents and Settings\Owner\Cookies\4IAOAGAF.txt [ /ru4.com ]
    C:\Documents and Settings\Owner\Cookies\X07SKTC0.txt [ /doubleclick.net ]
    C:\Documents and Settings\Owner\Cookies\XXGYRSDA.txt [ /serving-sys.com ]
    C:\Documents and Settings\Owner\Cookies\2YN1EVLB.txt [ /invitemedia.com ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\472L4BTL.txt [ Cookie:egle@paypal.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\Y69TCY25.txt [ Cookie:egle@samsung3.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@audit.median[1].txt [ Cookie:egle@audit.median.hu/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@adsplius[2].txt [ Cookie:egle@adsplius.lt/banners_15min.js ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@adv.arubamediamarketing[1].txt [ Cookie:egle@adv.arubamediamarketing.it/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\1YRRWVSA.txt [ Cookie:egle@ru4.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\7AXAN6C6.txt [ Cookie:egle@adinterax.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@imrworldwide[2].txt [ Cookie:egle@imrworldwide.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\6YF1YUMO.txt [ Cookie:egle@www.google.com/accounts ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\FJSQ43XV.txt [ Cookie:egle@weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\90TCBG3Y.txt [ Cookie:egle@rts.pgmediaserve.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\1WXYILEG.txt [ Cookie:egle@azjmp.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\FAG3DGSM.txt [ Cookie:egle@bs.serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\FVGRY7VH.txt [ Cookie:egle@shinystat.com/cgi-bin/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\MOO2CTG8.txt [ Cookie:egle@atdmt.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@ads2.on-line[2].txt [ Cookie:egle@ads2.on-line.lt/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@eas7.emediate[1].txt [ Cookie:egle@eas7.emediate.eu/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\IY6LRXE0.txt [ Cookie:egle@advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\JW8OOOUQ.txt [ Cookie:egle@serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\N37TXUNW.txt [ Cookie:egle@smartadserver.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@inbev.solution.weborama[2].txt [ Cookie:egle@inbev.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\NE36CEWA.txt [ Cookie:egle@mediaplex.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\ODOHR1QA.txt [ Cookie:egle@adbrite.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\T9HRCVUY.txt [ Cookie:egle@lfstmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\EMGV4BSA.txt [ Cookie:egle@pro-market.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\DC3KRQVI.txt [ Cookie:egle@eas4.emediate.eu/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@t.bbtrack[2].txt [ Cookie:egle@t.bbtrack.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\72IR5QNQ.txt [ Cookie:egle@mediaplaynow.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\SKZAB81K.txt [ Cookie:egle@data.coremetrics.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\YONU2SNK.txt [ Cookie:egle@rambler.ru/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\X7HOUEFR.txt [ Cookie:egle@ad.yieldmanager.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\2JG4LIPF.txt [ Cookie:egle@eas8.emediate.eu/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\QW7S5NER.txt [ Cookie:egle@revsci.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\H278BCVQ.txt [ Cookie:egle@invitemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\SD0HAL6N.txt [ Cookie:egle@ad.zanox.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\JUQL7D8Z.txt [ Cookie:egle@ads3.ipon.lt/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\MX2HMOMF.txt [ Cookie:egle@www.googleadservices.com/pagead/conversion/969188815/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\MCY6ONSO.txt [ Cookie:egle@adcentriconline.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\PMIW9AKZ.txt [ Cookie:egle@wmedia.rotator.hadj7.adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\KE89A7KN.txt [ Cookie:egle@media6degrees.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\AHB0RMN2.txt [ Cookie:egle@in.getclicky.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\YKUAI5H0.txt [ Cookie:egle@zedo.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\PR2N9DH6.txt [ Cookie:egle@natuzzi.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@tribalfusion[2].txt [ Cookie:egle@tribalfusion.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\PJEJ2GA1.txt [ Cookie:egle@s14.shinystat.com/cgi-bin/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\WXR5FULC.txt [ Cookie:egle@cocacola2.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\3YBD0W48.txt [ Cookie:egle@partypoker.it/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\Z9WNOQTW.txt [ Cookie:egle@casalemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@adxpose[1].txt [ Cookie:egle@adxpose.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\3QADOCNV.txt [ Cookie:egle@clicksor.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\UNT672ED.txt [ Cookie:egle@trafficmp.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\31Q2H8WP.txt [ Cookie:egle@myroitracking.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\B2AGNECK.txt [ Cookie:egle@zbox.zanox.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\ZLOPPNRM.txt [ Cookie:egle@poinx.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\3VPWPE6Q.txt [ Cookie:egle@specificclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\9D2L5ZAA.txt [ Cookie:egle@content.yieldmanager.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\4KDCSGM7.txt [ Cookie:egle@ads.karambamedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\JIU7R4JN.txt [ Cookie:egle@s9.shinystat.com/cgi-bin/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@viasatsatelliteservices.112.2o7[1].txt [ Cookie:egle@viasatsatelliteservices.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\J0ZR3YK3.txt [ Cookie:egle@adtech.de/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\QZSMN81T.txt [ Cookie:egle@supremeadserver.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\3EIUUM15.txt [ Cookie:egle@content.yieldmanager.com/ak/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\F1GPW612.txt [ Cookie:egle@247realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@clickfuse[2].txt [ Cookie:egle@clickfuse.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\5IOG87PU.txt [ Cookie:egle@statse.webtrendslive.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\QK2I4S5S.txt [ Cookie:egle@doubleclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@static.freewebs.getclicky[1].txt [ Cookie:egle@static.freewebs.getclicky.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\egle@mm.chitika[1].txt [ Cookie:egle@mm.chitika.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\WFT0Q8XK.txt [ Cookie:egle@xm.xtendmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\KK6L040F.txt [ Cookie:egle@media6degrees.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\ELELZCXA.txt [ Cookie:egle@www.google.lt/accounts ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\8VHML9E2.txt [ Cookie:egle@server.cpmstar.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\DTN5H8ED.txt [ Cookie:egle@accounts.google.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\G3R75TUF.txt [ Cookie:egle@tradedoubler.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\6G3P8G8A.txt [ Cookie:egle@2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\TR3H6831.txt [ Cookie:egle@elitemodel.it/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\2HGH82OQ.txt [ Cookie:egle@pg2.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\LKGNAUU8.txt [ Cookie:egle@gotacha.rotator.hadj7.adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\SFUB0XCJ.txt [ Cookie:egle@loral.solution.weborama.fr/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\B7W2NNG7.txt [ Cookie:egle@track.adform.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\2GYZ3XAI.txt [ Cookie:egle@c.atdmt.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\E2D1NH65.txt [ Cookie:egle@stat.dealtime.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\7CJ8F0O5.txt [ Cookie:egle@adform.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\WNJSN8RQ.txt [ Cookie:egle@adserver.adtechus.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\QUKOJ9GL.txt [ Cookie:egle@yieldmanager.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\QQGAZ4HX.txt [ Cookie:egle@cp.adform.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\NGLQLX8C.txt [ Cookie:egle@e2.emediate.se/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\JC2DO0U7.txt [ Cookie:egle@questionmarket.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\ZLL17OJU.txt [ Cookie:egle@engine.adclick.lt/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\7ZNQEZUB.txt [ Cookie:egle@adserver.adreactor.com/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\S53NP624.txt [ Cookie:egle@webresint.122.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\EGLE\Cookies\9BZQO7CZ.txt [ Cookie:egle@www.google.it/accounts ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@chitika[1].txt [ Cookie:guest@chitika.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@profiles.hitslink[1].txt [ Cookie:guest@profiles.hitslink.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@avgtechnologies.112.2o7[1].txt [ Cookie:guest@avgtechnologies.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@revsci[2].txt [ Cookie:guest@revsci.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@doubleclick[2].txt [ Cookie:guest@doubleclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@imrworldwide[2].txt [ Cookie:guest@imrworldwide.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@kaspersky.122.2o7[1].txt [ Cookie:guest@kaspersky.122.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@invitemedia[1].txt [ Cookie:guest@invitemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@msnportal.112.2o7[1].txt [ Cookie:guest@msnportal.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@google[5].txt [ Cookie:guest@google.com/accounts/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@ads.iclick[1].txt [ Cookie:guest@ads.iclick.lt/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@content.yieldmanager[2].txt [ Cookie:guest@content.yieldmanager.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@tacoda[2].txt [ Cookie:guest@tacoda.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@statse.webtrendslive[1].txt [ Cookie:guest@statse.webtrendslive.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@ads.bridgetrack[2].txt [ Cookie:guest@ads.bridgetrack.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@media.adrevolver[1].txt [ Cookie:guest@media.adrevolver.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@tribalfusion[1].txt [ Cookie:guest@tribalfusion.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@insightexpressai[2].txt [ Cookie:guest@insightexpressai.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@questionmarket[2].txt [ Cookie:guest@questionmarket.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@content.yieldmanager[3].txt [ Cookie:guest@content.yieldmanager.com/ak/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@interclick[1].txt [ Cookie:guest@interclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@bs.serving-sys[1].txt [ Cookie:guest@bs.serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@pointroll[1].txt [ Cookie:guest@pointroll.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@dynamic.media.adrevolver[2].txt [ Cookie:guest@dynamic.media.adrevolver.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@www.mediaworld[1].txt [ Cookie:guest@www.mediaworld.it/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@collective-media[1].txt [ Cookie:guest@collective-media.net/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@insight24[1].txt [ Cookie:guest@insight24.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@at.atwola[2].txt [ Cookie:guest@at.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@adtech[1].txt [ Cookie:guest@adtech.de/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@advertising[2].txt [ Cookie:guest@advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@richmedia.yahoo[2].txt [ Cookie:guest@richmedia.yahoo.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@adsplius[1].txt [ Cookie:guest@adsplius.lt/banners_plius.js ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@ads.mediaon[2].txt [ Cookie:guest@ads.mediaon.it/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@www.googleadservices[1].txt [ Cookie:guest@www.googleadservices.com/pagead/conversion/1061266677/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@crack0hack.wetpaint[1].txt [ Cookie:guest@crack0hack.wetpaint.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@mediaplex[2].txt [ Cookie:guest@mediaplex.com/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@overture[1].txt [ Cookie:guest@overture.com/ ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\USDVPJYR.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\EGLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HD8VCUH6.DEFAULT\COOKIES.SQLITE ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@AD.ADOCEAN[2].TXT [ /AD.ADOCEAN ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADINTERAX[2].TXT [ /ADINTERAX ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADS.ICLICK[1].TXT [ /ADS.ICLICK ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADS.LZJL[2].TXT [ /ADS.LZJL ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADS.RCS[1].TXT [ /ADS.RCS ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADSERVE.CHICKADVISOR[1].TXT [ /ADSERVE.CHICKADVISOR ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@ADV.ALICE[1].TXT [ /ADV.ALICE ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@APMEBF[2].TXT [ /APMEBF ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\EGLE\COOKIES\EGLE@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
    msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZAN4MKNJ ]
    secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZAN4MKNJ ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    cdn.uc.atwola.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    audit.median.hu [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .adviva.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    stat.swedbank.se [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    2.s04.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    s04.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .shinystat.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .premiumtv.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .tns-counter.ru [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .yadro.ru [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GUEST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EXULWNZI.DEFAULT\COOKIES.SQLITE ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@AD.ADOCEAN[2].TXT [ /AD.ADOCEAN ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@AD.C-WEB[2].TXT [ /AD.C-WEB ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@AD.WSOD[2].TXT [ /AD.WSOD ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADREVOLVER[1].TXT [ /ADREVOLVER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADS.FULLDLS[1].TXT [ /ADS.FULLDLS ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADS.MONSTER[1].TXT [ /ADS.MONSTER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADS.OOKLA[2].TXT [ /ADS.OOKLA ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ADS2.ON-LINE[2].TXT [ /ADS2.ON-LINE ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@APMEBF[1].TXT [ /APMEBF ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ATDMT[2].TXT [ /ATDMT ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@BLUESTREAK[1].TXT [ /BLUESTREAK ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@FASTCLICK[2].TXT [ /FASTCLICK ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@SERVING-SYS[2].TXT [ /SERVING-SYS ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@STATCOUNTER[1].TXT [ /STATCOUNTER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@TRACK.ADFORM[1].TXT [ /TRACK.ADFORM ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@TRACK.ADFORM[3].TXT [ /TRACK.ADFORM ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@TRAVELADVERTISING[1].TXT [ /TRAVELADVERTISING ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@TRVLNET.ADBUREAU[1].TXT [ /TRVLNET.ADBUREAU ]
    cdn1.static.pornhub.phncdn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8D7JT3TZ ]
    secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8D7JT3TZ ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s5.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .networkedmediatank.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    demandmedia.trc.taboola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    demandmedia.trc.taboola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    demandmedia.trc.taboola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    demandmedia.trc.taboola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    www6.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .webhotelrevenue.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .webhotelrevenue.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .webhotelrevenue.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .webhotelrevenue.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    www.etracker.de [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s7.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    compraonline.mediaworld.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .estat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .webresint.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .safaribooks.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s45.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s46.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    www.etracker.de [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    www.etracker.de [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .wileypublishing.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GU1BZ22Q.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .infoworldmediagroup.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adinterax.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tubepornstars.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tubepornstars.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tubepornstars.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.trackoptimizer.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.trackoptimizer.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ac-porn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.ac-porn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.trafficjunky.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    trafficjunky.xtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    trafficjunky.xtube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads2.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trinitymirror.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    keysshavoltaje.ladyboysex.info [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ww84aaa.com_new.gosexpod.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ww84aaa.com_new.gosexpod.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ww84aaa.com_new.gosexpod.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ww84aaa.com_new.gosexpod.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    rexxx.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.pornerbros.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s4.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad1.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    traffic.brokerbabe.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    traffic.brokerbabe.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trafficshop.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trafficshop.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    go.trafficshop.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .sexier.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .webrankstats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .webrankstats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .webrankstats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    whois.webrankstats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    whois.webrankstats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.louiesporn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.louiesporn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.louiesporn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    escortclicks.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.pornmd.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornmd.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornmd.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornmd.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.usaporntv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .sexad.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adviva.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cybersexchat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .sexad.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .northstartravelmedia.d1.sc.omtrdc.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .estat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cybersexchat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    syndication1.traffichaus.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultfriendfinder.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .syndication.traffichaus.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .syndication.traffichaus.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .syndication.traffichaus.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ox.mediabistro.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cybersexchat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cybersexchat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cybersexchat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.bbj.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .webresint.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .gazdefrance.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c5.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .citronitalia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tradefx.advertserve.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    stats.cardschat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s7.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s8.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adv.arubamediamarketing.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .incontribdsm.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bdsmchat.ca [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bdsmchat.ca [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bdsmchat.ca [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.bdsmchat.ca [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .videosexarchive.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adinterax.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .forum.tennisteen.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    insight.torbit.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    stats.adotube.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .exoclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adxpansion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clickfuse.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad1.emediate.dk [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ad6media.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad1.emediate.dk [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad1.emediate.dk [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .192com.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mmstat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cnzz.mmstat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    stats.wirecard.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    server.adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clickpoint.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.hrs.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.hrs.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.hrs.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dacia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dacia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dacia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dacia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.publicidees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .uk.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .uk.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www4.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www4.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    server.adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.macchinefotografiche.me [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.macchinefotografiche.me [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.macchinefotografiche.me [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.macchinefotografiche.me [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clickpoint.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    xmediadv.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clickpoint.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    display.clickpoint.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tracking.infostrada.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tracking.infostrada.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tracking.infostrada.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .suzuki.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .suzuki.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .suzuki.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .suzuki.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.payclick.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .samsung3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .samsung3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .samsung3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .samsung3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ferrero2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ferrero2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ferrero2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ferrero2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s14.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zanox.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .enifamiglia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .enifamiglia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .enifamiglia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .enifamiglia.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s45.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s46.shinystat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    be.sitestat.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdatas3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdatas3.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pg2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pg2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pg2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pg2.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weboramaitdata.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adform.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .vodafoneit.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .vodafoneit.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .vodafoneit.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .vodafoneit.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    alert.mediaon.it [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-StartPage
    C:\PROGRAM FILES\ALPHACHESS\UNINSTALL.EXE

Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F7FB183-E7B1-4493-82FB-B60F672B9406}\RP2330\A1131662.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F7FB183-E7B1-4493-82FB-B60F672B9406}\RP2330\A1131663.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F7FB183-E7B1-4493-82FB-B60F672B9406}\RP2330\A1131664.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F7FB183-E7B1-4493-82FB-B60F672B9406}\RP2330\A1131665.EXE

Heur.Agent/Gen-FakeIE
    C:\WINDOWS\INSTALLER\{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}\ET20EXPLORER5CIEXPLORE.EXE0.ICO
    C:\WINDOWS\INSTALLER\{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}\ET20EXPLORER5CIEXPLORE.EXE0.ICO
    C:\WINDOWS\INSTALLER\{6BED4DFE-C527-463E-B93A-6F6848B74DD0}\ET20EXPLORER5CIEXPLORE.EXE0.ICO
    C:\WINDOWS\INSTALLER\{B2552FA6-86E3-410D-84AD-265C2242D410}\ET20EXPLORER5CIEXPLORE.EXE0.ICO
    C:\WINDOWS\INSTALLER\{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}\ET20EXPLORER5CIEXPLORE.EXE0.ICO
    C:\WINDOWS\INSTALLER\{D597935A-5F0E-44F8-A028-A0EF9C647D95}\ET20EXPLORER5CIEXPLORE.EXE0.ICO

Rogue.Agent/Gen-Nullo[DLL]
    C:\WINDOWS\SYSTEM32\SLIBDDF.DLL
    C:\WINDOWS\SYSTEM32\SOLEFW.DLL
    C:\WINDOWS\SYSTEM32\SSLIBEH.DLL
    C:\WINDOWS\SYSTEM32\SSLIBFF.DLL
    C:\WINDOWS\SYSTEM32\SSLIBFG.DLL
    C:\WINDOWS\SYSTEM32\SSLIBGS.DLL
    C:\WINDOWS\SYSTEM32\SSLIBKH.DLL
    C:\WINDOWS\SYSTEM32\SSLIBQQE.DLL
    C:\WINDOWS\SYSTEM32\SSLIBREE.DLL
    C:\WINDOWS\SYSTEM32\SSLIBSD.DLL
    C:\WINDOWS\SYSTEM32\SSOLEHT.DLL
    C:\WINDOWS\SYSTEM32\SSOLEKUY.DLL
 


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-08 12:39:57
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AADS-00M2B0 rev.01.00A01 465,76GB
Running: 842s6h8k.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awrdapow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwAdjustPrivilegesToken [0xB3266FBA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwClose [0xB32678B4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwConnectPort [0xB3280AEE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateEvent [0xB3267E26]
SSDT            spgb.sys                                                                                                              ZwCreateKey [0xB7EB50E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateMutant [0xB3267D14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreatePort [0xB3280E06]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateProcess [0xB3268056]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateProcessEx [0xB326821E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateSection [0xB3266D76]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateSemaphore [0xB3267F3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateThread [0xB32675E6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwCreateWaitablePort [0xB3280ECE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwDebugActiveProcess [0xB326853C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwDeleteKey [0xB327B084]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwDeleteValueKey [0xB327C88E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwDeviceIoControlFile [0xB32678F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwDuplicateObject [0xB326953C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwEnumerateKey [0xB327C088]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwEnumerateValueKey [0xB327CA38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwLoadDriver [0xB326862E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwLoadKey [0xB327BBC0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwLoadKey2 [0xB327BE1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwMapViewOfSection [0xB3268B9A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwNotifyChangeKey [0xB327F30A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenEvent [0xB3267EB8]
SSDT            spgb.sys                                                                                                              ZwOpenKey [0xB7EB50C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenMutant [0xB3267DA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenProcess [0xB32671F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenSection [0xB326897E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenSemaphore [0xB3267FD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwOpenThread [0xB32670E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQueryKey [0xB327AEB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQueryMultipleValueKey [0xB327C698]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQueryObject [0xB327F500]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQuerySection [0xB3268EC0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQueryValueKey [0xB327C488]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwQueueApcThread [0xB32687CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwRenameKey [0xB327B198]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwReplaceKey [0xB327B80C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwReplyPort [0xB3281048]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwReplyWaitReceivePort [0xB3280F96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwRequestWaitReplyPort [0xB32810B4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwRestoreKey [0xB327BA14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwResumeThread [0xB32693DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSaveKey [0xB327B33E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSaveKeyEx [0xB327B4D4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSaveMergedKeys [0xB327B670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSecureConnectPort [0xB3280C76]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSetContextThread [0xB3267756]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSetInformationToken [0xB32683E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSetSystemInformation [0xB3269010]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSetValueKey [0xB327C248]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSuspendProcess [0xB3269104]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSuspendThread [0xB326923E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwSystemDebugControl [0xB326845E]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)         ZwTerminateProcess [0xB2FC7640]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwTerminateThread [0xB32672EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwUnmapViewOfSection [0xB3268D78]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 ZwWriteVirtualMemory [0xB326747C]

INT 0x62        ?                                                                                                                     8B4E6BF8
INT 0x82        ?                                                                                                                     8B4E6BF8
INT 0x83        ?                                                                                                                     8B477BF8
INT 0x83        ?                                                                                                                     8B1AEBF8
INT 0x83        ?                                                                                                                     8B477BF8
INT 0x94        ?                                                                                                                     8B1AEBF8

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                 IoIsOperationSynchronous

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                              804EAFE6 5 Bytes  JMP B32599F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                 804EF97C 5 Bytes  JMP B3259DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2D40                                                                                  80504628 12 Bytes  [06, 0E, 28, B3, 56, 80, 26, ...] {PUSH ES; PUSH CS; SUB [EBX-0x4cd97faa], DH; PUSH DS; AND BYTE [ESI], 0xb3}
.text           ntkrnlpa.exe!ZwCallbackReturn + 2E0C                                                                                  805046F4 12 Bytes  [2E, 86, 26, B3, C0, BB, 27, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2E88                                                                                  80504770 4 Bytes  CALL CF036DE5
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F88                                                                                  80504870 16 Bytes  [98, B1, 27, B3, 0C, B8, 27, ...] {CWDE ; MOV CL, 0x27; MOV BL, 0xc; MOV EAX, 0x1048b327; SUB [EBX-0x4cd7f06a], DH}
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FC0                                                                                  805048A8 20 Bytes  [DE, 93, 26, B3, 3E, B3, 27, ...]
.text           ...                                                                                                                   
?               spgb.sys                                                                                                              The system cannot find the file specified. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xB61643C0, 0x84E2FA, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                 B60E38AC 5 Bytes  JMP 8B1AE1D8
.text           a3lznz4s.SYS                                                                                                          B6080386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a3lznz4s.SYS                                                                                                          B60803AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a3lznz4s.SYS                                                                                                          B60803C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a3lznz4s.SYS                                                                                                          B60803C9 1 Byte  [2E]
.text           a3lznz4s.SYS                                                                                                          B60803C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD [CS:EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                   

---- Kernel IAT/EAT - GMER 2.1 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [B7EB6042] spgb.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [B7EB613E] spgb.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [B7EB60C0] spgb.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [B7EB6800] spgb.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [B7EB66D6] spgb.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [B7EC5B90] spgb.sys
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KfAcquireSpinLock]                                                  CCCCCCC3
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!READ_PORT_UCHAR]                                                    CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KeGetCurrentIrql]                                                   CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KfRaiseIrql]                                                        CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KfLowerIrql]                                                        8BEC8B55
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!HalGetInterruptVector]                                              00C73445
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!HalTranslateBusAddress]                                             00000000
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KeStallExecutionProcessor]                                          830C458B
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!KfReleaseSpinLock]                                                  C0840CEC
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            053C0D74
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!READ_PORT_USHORT]                                                   57B80974
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                           8B000000
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                   56C35DE5
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[WMILIB.SYS!WmiSystemControl]                                                8D51FC4D
IAT             \SystemRoot\System32\Drivers\a3lznz4s.SYS[WMILIB.SYS!WmiCompleteRequest]                                              8D52FD55
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                               [B79ACE60] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                               [B79ACE60] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject]                                              [B79ACE60] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                8B4731F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\USBSTOR \Device\0000009e                                                                                      8A4E11F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                      8B0FF1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                      8B0FF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D60A9982-3360-41C7-A9F0-2A23D69727AE}                                              8A521500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                      8B0FF1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                      8B0FF1F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                      8B1971F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\PCI_PNP6964 \Device\00000063                                                                                  spgb.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                8B4751F8
Device          \Driver\USBSTOR \Device\000000a3                                                                                      8A4E11F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                8B4751F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                          8A6E0350
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           [B790DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    [B790DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    [B790DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                           [B790DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                8B4751F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               8A521500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      8A521500
Device          \Driver\sptd \Device\3779644464                                                                                       spgb.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                      8B0FF1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                      8B0FF1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     8A6E9500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                      8B0FF1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           8A6E9500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                      8B0FF1F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                      8B1971F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                      8B4751F8
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port2Path0Target14Lun0                                                             8B4741F8
Device          \Driver\mv61xx \Device\Scsi\mv61xx1                                                                                   8B4741F8
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port2Path0Target0Lun0                                                              8B4741F8
Device          \Driver\a3lznz4s \Device\Scsi\a3lznz4s1                                                                               8B0DB1F8
Device          \FileSystem\Fastfat \Fat                                                                                              8A4DB500
Device          \FileSystem\Fastfat \Fat                                                                                              AED62297

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                8A7B31F8

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgb.sys >>UNKNOWN [0x8b495938]<<                       8b495938
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3c6ab8]                                                               8b3c6ab8
Trace           3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8b4311a0]                                          8b4311a0
Trace           5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b453d98]                                 8b453d98

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xF1 0x0A 0x64 0x8F ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0xBA 0xC7 0xBF 0xE8 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x49 0xEE 0xB9 0x41 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xF1 0x0A 0x64 0x8F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0xBA 0xC7 0xBF 0xE8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x49 0xEE 0xB9 0x41 ...

---- Files - GMER 2.1 ----

File            C:\WINDOWS\system32\WinFLdrv.sys                                                                                      17984 bytes executable                                                                                                                   <-- ROOTKIT !!!
File            C:\WINDOWS\system32\sys_drv.dat                                                                                       11044 bytes
File            C:\WINDOWS\system32\sys_drv_2.dat                                                                                     5020 bytes

---- Services - GMER 2.1 ----

Service         C:\WINDOWS\system32\WinFLdrv.sys                                                                                      [AUTO] WinFLdrv                                                                                                                          <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
 



#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:33 AM

Posted 08 October 2013 - 06:02 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 AM

Posted 10 October 2013 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#6 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 10 October 2013 - 12:12 PM

Hello, thanks for your help. I have on the desktop a RK quarantine folder: what to do with it?

 

Here the requested logs:

 

 

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/10/2013 17:47:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ TASKMAN] HKLM\[...]\Winlogon : TaskMan () -> REPLACED (Taskmgr.exe)
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AADS-00M2B0 +++++
--- User ---
[MBR] 2e0bd968b9e58b227f6e138e5e16b9ae
[BSP] 385ffe99e7c720ad5c3b7b991d055795 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - ST3400620NS +++++
--- User ---
[MBR] ad6ec47d7c0911d350a98dc4cd9e0f63
[BSP] 7b31ea6d40eaada5263f297df156fbe4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381543 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ SCSI) (Standard disk drives) - WDC WD20EARS-00MVWB0 SCSI Disk Device +++++
--- User ---
[MBR] 8a08584b1221685101715812f0e78395
[BSP] cc4eeaede8cb68a763b74a4e4a6c3728 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10102013_174753.txt >>
RKreport[0]_S_10102013_174736.txt


 

# AdwCleaner v3.007 - Report created 10/10/2013 at 17:53:39
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - LEGENDA
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\Conduit
Folder Found C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\ConduitEngine
Folder Found C:\Documents and Settings\Egle\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Egle\Local Settings\Application Data\ConduitEngine
Folder Found C:\Documents and Settings\Egle\Local Settings\Application Data\Search_USA
Folder Found C:\Documents and Settings\Egle\Local Settings\Application Data\Search_USA
Folder Found C:\Documents and Settings\Egle\Local Settings\Application Data\uTorrentBar_IT
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentBar_IT
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\Search_USA
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\Search_USA
Folder Found C:\Documents and Settings\Owner\Local Settings\Application Data\uTorrentBar_IT
Folder Found C:\Program Files\Babylon
Folder Found C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\Program Files\uTorrentBar_IT
Folder Found C:\Save

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC600575-3013-4E8E-941C-4B00DAFCE730}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC600575-3013-4E8E-941C-4B00DAFCE730}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Search_USA
Key Found : HKCU\Software\Search_USA
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\uTorrentBar_IT
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{854145C6-B95A-408D-BE86-367DC393A219}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CB48AAA-55BD-46E1-9D62-91A61720C44E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0960612-02D3-46CB-B6EA-FE0511AEE893}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9278161-8136-4156-8A16-C9D871AB3BF6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E112E4DA-72B2-4E32-B84F-BBF26D39BCCC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_IT Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{854145C6-B95A-408D-BE86-367DC393A219}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AB3CB233-13B8-4C32-A0E7-2DF510D59F80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_IT Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search_USA
Key Found : HKLM\Software\Search_USA
Key Found : HKLM\Software\uTorrentBar_IT
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gu1bz22q.default\prefs.js ]


[ File : C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\prefs.js ]

Line Found : user_pref("CT2786678..clientLogIsEnabled", true);
Line Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2786678.CTID", "CT2786678");
Line Found : user_pref("CT2786678.CurrentServerDate", "4-1-2011");
Line Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Found : user_pref("CT2786678.EMailNotifierPollDate", "Sun Jan 02 2011 14:14:08 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Found : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Found : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Found : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Found : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Found : user_pref("CT2786678.FirstServerDate", "13-12-2010");
Line Found : user_pref("CT2786678.FirstTime", true);
Line Found : user_pref("CT2786678.FirstTimeFF3", true);
Line Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Found : user_pref("CT2786678.Initialize", true);
Line Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2786678.InstalledDate", "Sun Dec 12 2010 23:39:17 GMT+0100");
Line Found : user_pref("CT2786678.IsGrouping", false);
Line Found : user_pref("CT2786678.IsMulticommunity", false);
Line Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jan 04 2011 21:09:12 GMT+0100");
Line Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2786678.LatestVersion", "3.2.5.2");
Line Found : user_pref("CT2786678.Locale", "en");
Line Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2786678.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Line Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Jan 04 2011 21:09:11 GMT+0100");
Line Found : user_pref("CT2786678.SettingsLastCheckTime", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Found : user_pref("CT2786678.SettingsLastUpdate", "1292489785");
Line Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2786678.UserID", "UN98241562705821783");
Line Found : user_pref("CT2786678.ValidationData_Toolbar", 1);
Line Found : user_pref("CT2786678.WeatherNetwork", "");
Line Found : user_pref("CT2786678.WeatherPollDate", "Sun Jan 02 2011 13:59:16 GMT+0100");
Line Found : user_pref("CT2786678.WeatherUnit", "C");
Line Found : user_pref("CT2786678.alertChannelId", "1178763");
Line Found : user_pref("CT2786678.myStuffEnabled", true);
Line Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2786678.testingCtid", "");
Line Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jan 04 2011 21:09:12 GMT+0100");
Line Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Dec 12 2010 23:39:28 GMT+0100");
Line Found : user_pref("CT2786678.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/IT", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/IT", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634248284990000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1292489785\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jan 02 2011 14:13:52 GMT+0100");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jan 02 2011 13:58:55 GMT+0100");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "b1c9e252-235a-4342-9409-81bfcaff1751");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_IT&apn_uid=eb319294-04fd-43fb-89f6-9cdada6fd836&apn_ptnrs=%5EIY&apn_sauid=DFAC69B4-21D9-4C7D-AC78-[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20627 octets] - [10/10/2013 17:53:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20688 octets] ##########
 

 

 

 

 

# AdwCleaner v3.007 - Report created 10/10/2013 at 17:57:58
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - LEGENDA
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Save
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\uTorrentBar_IT
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentBar_IT
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Search_USA
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\uTorrentBar_IT
Folder Deleted : C:\Documents and Settings\Egle\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Egle\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Egle\Local Settings\Application Data\Search_USA
Folder Deleted : C:\Documents and Settings\Egle\Local Settings\Application Data\uTorrentBar_IT
Folder Deleted : C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\Conduit
Folder Deleted : C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\ConduitEngine
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{854145C6-B95A-408D-BE86-367DC393A219}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC600575-3013-4E8E-941C-4B00DAFCE730}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC600575-3013-4E8E-941C-4B00DAFCE730}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AB3CB233-13B8-4C32-A0E7-2DF510D59F80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{854145C6-B95A-408D-BE86-367DC393A219}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9278161-8136-4156-8A16-C9D871AB3BF6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CB48AAA-55BD-46E1-9D62-91A61720C44E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0960612-02D3-46CB-B6EA-FE0511AEE893}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E112E4DA-72B2-4E32-B84F-BBF26D39BCCC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Search_USA
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\uTorrentBar_IT
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search_USA
Key Deleted : HKLM\Software\uTorrentBar_IT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_IT Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_IT Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gu1bz22q.default\prefs.js ]


[ File : C:\Documents and Settings\Egle\Application Data\Mozilla\Firefox\Profiles\hd8vcuh6.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "4-1-2011");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sun Jan 02 2011 14:14:08 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun Jan 02 2011 13:13:56 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "13-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstalledDate", "Sun Dec 12 2010 23:39:17 GMT+0100");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jan 04 2011 21:09:12 GMT+0100");
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Jan 04 2011 21:09:11 GMT+0100");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1292489785");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jan 04 2011 21:09:10 GMT+0100");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2786678.UserID", "UN98241562705821783");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 1);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sun Jan 02 2011 13:59:16 GMT+0100");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jan 04 2011 21:09:12 GMT+0100");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Dec 12 2010 23:39:28 GMT+0100");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/IT", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/IT", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1292489785\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jan 02 2011 14:13:52 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jan 02 2011 13:58:55 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "b1c9e252-235a-4342-9409-81bfcaff1751");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 02 2011 13:13:55 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_IT&apn_uid=eb319294-04fd-43fb-89f6-9cdada6fd836&apn_ptnrs=%5EIY&apn_sauid=DFAC69B4-21D9-4C7D-AC78-[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20769 octets] - [10/10/2013 17:53:39]
AdwCleaner[S0].txt - [20325 octets] - [10/10/2013 17:57:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20386 octets] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on gio 10.10.13 at 18.14.17,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\tgtsoft\stylexp"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on gio 10.10.13 at 18.21.06,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

ComboFix 13-10-09.01 - Owner o 10.10.13  18.34.28.7.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1033.18.3326.2618 [GMT 2:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3ECEF7FF0D.sys
c:\documents and settings\Owner\Application Data\Microsoft\~DFK20254f.tmp
c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Owner\Application Data\Microsoft\bass.dll
c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
c:\program files\Common Files\Logo.ico
c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
c:\windows\msvcr71.dll
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-10 to 2013-10-10  )))))))))))))))))))))))))))))))
.
.
2013-10-10 16:14 . 2013-10-10 16:14    --------    d-----w-    c:\windows\ERUNT
2013-10-10 15:53 . 2013-10-10 16:11    --------    d-----w-    C:\AdwCleaner
2013-10-10 08:03 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-10 08:03 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-10 08:03 . 2013-08-29 00:56    26240    -c----w-    c:\windows\system32\dllcache\usbser.sys
2013-10-10 08:03 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 08:03 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-10 08:03 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-10 08:03 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-10 08:03 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-10 08:03 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-07 07:11 . 2013-10-07 07:11    --------    d-----w-    c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2013-10-07 07:10 . 2013-10-07 07:11    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-10-07 07:10 . 2013-10-07 07:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-09-25 17:01 . 2013-10-09 14:32    --------    d-----w-    c:\documents and settings\Owner\Application Data\vlc
2013-09-25 16:55 . 2013-03-17 16:21    3649536    ----a-w-    c:\windows\system32\x264vfw.dll
2013-09-25 16:55 . 2011-12-07 17:32    216064    ----a-w-    c:\windows\system32\lagarith.dll
2013-09-25 16:55 . 2011-06-24 14:44    243200    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-09-25 16:55 . 2011-06-24 14:28    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-09-25 16:55 . 2012-07-21 10:54    122880    ----a-w-    c:\windows\system32\ac3acm.acm
2013-09-25 16:55 . 2013-09-12 18:00    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-09-25 16:55 . 2013-09-25 16:55    --------    d-----w-    c:\program files\K-Lite Codec Pack
2013-09-21 13:54 . 2013-09-21 13:54    --------    d-----w-    c:\documents and settings\Owner\Application Data\D16 Group
2013-09-21 13:52 . 2013-09-21 13:52    --------    d-----w-    c:\program files\D16 Group Audio Software
2013-09-19 18:55 . 2013-09-19 18:55    --------    d-----w-    c:\program files\D16 Group
2013-09-19 18:38 . 2013-09-19 18:38    --------    d-----w-    c:\documents and settings\All Users\Application Data\D16 Group
2013-09-15 17:38 . 2013-09-15 18:03    --------    d-----w-    c:\documents and settings\Owner\Application Data\ToguAudioLine
2013-09-12 22:27 . 2013-09-23 18:33    18944    -c----w-    c:\windows\system32\dllcache\corpol.dll
2013-09-12 13:12 . 2013-09-12 13:12    692575    ----a-w-    c:\program files\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:47 . 2013-10-10 15:47    6272    ----a-w-    c:\windows\system32\drivers\splitter.sys.bak
2013-10-10 15:46 . 2013-10-10 15:46    63744    ----a-w-    c:\windows\system32\drivers\mf.sys.bak
2013-10-10 15:46 . 2013-10-10 15:46    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys.bak
2013-10-10 13:54 . 2012-04-02 08:44    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-10 13:54 . 2011-05-26 07:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 12:00    385024    ------w-    c:\windows\system32\html.iec
2013-08-30 15:03 . 2011-12-27 22:27    176    ----a-w-    c:\documents and settings\Owner\Application Data\msregsvv.dll
2013-08-29 01:31 . 2004-08-04 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-24 17:49 . 2013-08-24 17:49    2892    ----a-w-    c:\windows\system32\audcon.sys
2013-08-22 17:09 . 2013-02-04 21:46    217176    ----a-w-    c:\windows\system32\unrar.dll
2013-08-09 01:56 . 2004-08-04 12:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 12:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-05 13:30 . 2004-08-04 12:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 12:18 . 2006-10-18 18:47    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2008-09-03 21:52    123008    ------w-    c:\windows\system32\drivers\usbvideo.sys
2010-10-03 12:16 . 2010-10-03 12:16    3430224    ----a-w-    c:\program files\ccsetup236.exe
2010-05-22 20:04 . 2010-05-22 20:04    3099136    ----a-w-    c:\program files\openofficeorg32.msi
2007-07-24 18:03 . 2007-07-24 18:03    118784    ----a-w-    c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-04 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2004-08-04 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2004-08-04 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"Winsplit"="c:\program files\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"Free Internet Window Washer"="c:\program files\Free Internet Window Washer\Clearpch.exe" [2007-08-29 1504256]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-10-05 1140736]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-09-20 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-03-14 192512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ipTray.exe"="c:\program files\Intel\Intel Desktop Utilities\ipTray.exe" [2009-01-22 1649152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Acrobat Assistant 8.0"="f:\adobe acrobat\Acrobat\Acrotray.exe" [2013-05-08 642664]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files\RescueTime\RescueTime.exe [2012-10-18 2744832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoAutorun"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sospcSelf]
c:\program files\SOS PC Self\clientBase\SOSPCSelf Widget minimize=true [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42    33120    ----a-w-    c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera 301x
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe"
"Adobe Acrobat Speed Launcher"="f:\adobe acrobat\Acrobat\Acrobat_sl.exe"
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\A4Tech\\Mouse\\Amoumain.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\National Instruments\\DataSocket\\cwdss.exe"=
"c:\\Program Files\\Music Label 2009\\MusicLabel.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{F27CFD16-939A-4232-98CD-180898D14713}\\setup\\hpznui01.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Novation\\Automap\\AutomapServer.exe"=
"c:\\Program Files\\Steinberg\\Cubase Studio 5\\Cubase Studio 5.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1186:TCP"= 1186:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [30.8.06 9.43.14 70784]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.07 20.08.14 15448]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [31.1.13 16.16.34 16504]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.6.10 9.52.57 691696]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.11 14.23.20 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.11 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.11 23.55.22 67664]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [19.10.10 20.17.01 95592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23.5.13 22.11.42 119056]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [25.2.13 17.58.30 1239584]
R2 IduService;Intel® Desktop Utilities Service;c:\program files\Intel\Intel Desktop Utilities\iduServ.exe [22.1.09 17.18.52 124928]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [4.8.04 14.00.00 14336]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [29.4.06 11.47.14 20541]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [6.9.12 15.40.42 80472]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.11 13.35.56 196912]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.07 12.56.44 11360]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.10 19.07.14 35088]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [12.5.13 0.21.09 625304]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [31.1.13 16.16.38 225400]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [14.10.11 8.01.50 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [14.10.11 8.01.48 399416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23.1.12 6.43.08 92592]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [7.8.11 19.35.50 17984]
R3 automap;Automap MIDI Driver;c:\windows\system32\drivers\automap.sys [29.8.13 22.32.02 15704]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7.5.10 11.06.26 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.09 19.27.24 19472]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.10 10.30.58 15544]
R3 RDID1005;EDIROL UA-5;c:\windows\system32\drivers\Rdwm1005.sys [10.3.10 0.44.26 144561]
S2 gupdate1c9773b6df93356;Google Update Service (gupdate1c9773b6df93356);c:\program files\Google\Update\GoogleUpdate.exe [15.1.09 20.02.27 133104]
S2 Marvell RAID;Marvell RAID Event Agent; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.13 8.52.52 162672]
S2 SOSPCService;SOSPCService;c:\program files\SOS PC Self\clientBase\bin\ATAService.exe [5.5.12 17.59.00 110592]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [3.5.12 13.14.09 24832]
S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [26.5.07 0.12.24 14074]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [14.12.07 13.41.28 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [13.12.07 0.23.46 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [13.12.07 0.22.42 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.07 12.48.36 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.07 12.56.44 11360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22.6.09 10.36.26 136704]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [29.8.13 22.32.58 41944]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [10.3.10 0.50.13 79393]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [10.1.12 12.26.02 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [10.1.12 12.26.02 60544]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.10 13.37.14 517096]
S3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [25.5.07 1.50.24 23696]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [24.5.11 13.17.00 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:54]
.
2013-09-08 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2013-02-06 12:44]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-15 18:02]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-15 18:02]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-790525478-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-28 08:04]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-790525478-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-28 08:04]
.
2013-10-10 c:\windows\Tasks\User_Feed_Synchronization-{83C44CE7-AC6F-48F7-B192-9E64B26057B5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gu1bz22q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
MSConfigStartUp-boincmgr - c:\program files\BOINC\boincmgr.exe
MSConfigStartUp-boinctray - c:\program files\BOINC\boinctray.exe
AddRemove-AlphaChess - c:\program files\AlphaChess\Uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-SOSPCSelf - c:\program files\SOS PC Self\Disinstalla SOS PC Self
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-10 18:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-WUY5-RW8P-54MF-XTAY-45FX-BTE99YS"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\software\Wondershare\Wondershare Helper Compact\1818838560\es\Microsoft\Web Platform Installer\;c:\program files\QuickTime\QTSystem\PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1*PROCESSOR_ARCHITECTURE=x86*PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel*PROCESSOR_LEVEL=6*PROCES]
"JoinUserExperience"=dword:00000001
.
Completion time: 2013-10-10  18:52:27
ComboFix-quarantined-files.txt  2013-10-10 16:52
.
Pre-Run: 374.601.723.904 bytes free
Post-Run: 374.917.668.864 bytes free
.
- - End Of File - - 1F2F706C004E699311E02C4668CBCF35
8F558EB6672622401DA993E1E865C861
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 AM

Posted 11 October 2013 - 09:53 AM

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any remaining issues with this computer.

#8 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 11 October 2013 - 10:32 AM

Hello,

 

I also have a laptop computer, connected wirelessly to the network. I run the same programs (Malwarebytes, etc) and produced logs. It is also infected, with some of the same virus already found on the desktop. Shall I post the logs here (as part of the same network and possibily of the same problems) or do I need to start a new topic?

 

Also: after running Combofix, I found a Mycomputer and IE icons (not shortcuts) on the desktop, can I remove them?

 

Here the requested log:

 

 Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 ESET Online Scanner v3   
 Kaspersky Internet Security 2012   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Secunia PSI (2.0.0.4003)   
 Free Internet Window Washer  
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities Language Pack (en-GB)
 TuneUp Utilities    
 CCleaner     
 DH Driver Cleaner Professional Edition
 Java™ 6 Update 26  
 Java™ 6 Update 39  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 2012 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 



#9 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 11 October 2013 - 10:39 AM

On the Event Viewer/Security I keep finding lots of different events, especially logon/logoff, privilege use and policy change, by the network service, anonymous user, system , local service. Is it normal?



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,446 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:33 PM

Posted 20 October 2013 - 02:19 AM

Since you have a topic in the Malware Removal forum, I will close this one to avoid confusion.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users