Need help - XP Pro x64 Edition Ver 2003.

joselepiu · Jun 16, 2012

Spybot scan

I ran a Spybot scan & found these problems marked in red:

BurstMedia - 1 entries Browser

CasaleMedia - 10 entries Browser

DoubleClick - 2 entries Browser

FastClick - 1 entries Browser

MediaPlex - 4 entries

Zedo - 3 entries Browser

I selected all & Fix selected probles, got a meddage that said that I need to reboot to fix all the probles & I deed but...

After the reboot did anoher scan when it finished it said that all was alright, so I did another scan but got the same problems...

Here are the 2 scans reports:...

joselepiu · Jun 16, 2012

Checks.120615-2227.log

15.06.2012 22:27:45 - ##### check started #####
15.06.2012 22:27:45 - ### Version: 1.6.2
15.06.2012 22:27:45 - ### Date: 6/15/2012 10:27:45 PM
15.06.2012 22:27:48 - ##### checking bots #####
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: DoubleClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: Zedo Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: DoubleClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: BurstMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: FastClick Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:13:59 - found: MediaPlex Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:00 - found: CasaleMedia Tracking cookie (Chrome: Chrome)
15.06.2012 23:14:03 - ##### checking usage tracking #####
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: Adobe FlashPlayer Cookies Text file
15.06.2012 23:14:06 - found: MS Direct3D Most recent application
15.06.2012 23:14:06 - found: MS DirectDraw Most recent application
15.06.2012 23:14:08 - found: MS Office 11.0 (Excel) Recent file list 1 files
15.06.2012 23:14:09 - found: MS Search Assistant Typed search terms history
15.06.2012 23:14:11 - found: Windows Drivers installation paths
15.06.2012 23:14:11 - found: Windows Drivers installation paths
15.06.2012 23:14:12 - found: Windows.OpenWith Open with list - .BMP extension 3 files
15.06.2012 23:14:13 - found: Windows.OpenWith Open with list - .BMP extension 2 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 6 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history IE 1 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 58 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 13 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 14 files
15.06.2012 23:14:14 - found: Windows Explorer User Assistant history files 4 files
15.06.2012 23:14:15 - found: History History (1)
15.06.2012 23:14:15 - found: Cookie Cookie (420)
15.06.2012 23:14:15 - found: History History (1257)
15.06.2012 23:14:15 - ##### check finished #####

joselepiu · Jun 16, 2012

Checks.120615-2314.txt

--- Report generated: 2012-06-15 23:14 ---

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#ve\admanager.sol
Properties.size=100
Properties.md5=82FFEC68DC5499DA2B19C5D98E99FF77
Properties.filedate=1339807568
Properties.filedatetext=2012-06-15 18:46:07

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\dailyflag.sol
Properties.size=64
Properties.md5=67D16BE4E3F6FD36FD0568848D53786E
Properties.filedate=1339807568
Properties.filedatetext=2012-06-15 18:46:07

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\Demo.sol
Properties.size=367
Properties.md5=9FB243A8E06135D75E0C062AEB87551E
Properties.filedate=1339808468
Properties.filedatetext=2012-06-15 19:01:07

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\OptOut.sol
Properties.size=61
Properties.md5=623AFCE923C66CC581EDF12136B5A3A6
Properties.filedate=1339807574
Properties.filedatetext=2012-06-15 18:46:13

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\Retargeting.sol
Properties.size=211
Properties.md5=AF3E3B0E62B9D558E6B2E662394C82D9
Properties.filedate=1339808468
Properties.filedatetext=2012-06-15 19:01:07

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\D J RAC\Application Data\Macromedia\Flash Player\#SharedObjects\DQ4EY7JD\core.saymedia.com\#com\videoegg\UserProvider.sol
Properties.size=67
Properties.md5=264F4275D2F0C70CA647E6A013035FAC
Properties.filedate=1339807574
Properties.filedatetext=2012-06-15 18:46:13

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Search Assistant\ACMru

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (58 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (14 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

History: [SBI $49804B54] History (1) (History, nothing done)

Cookie: [SBI $49804B54] Cookie (420) (Cookie, nothing done)

History: [SBI $49804B54] History (1257) (History, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-04-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-05-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-05-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-09-28 Includes\Trojans.sbi (*)
2012-05-16 Includes\TrojansC-02.sbi (*)
2012-05-18 Includes\TrojansC-03.sbi (*)
2012-05-22 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-05-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545 · Jun 16, 2012

Hello Jose,

Those are just tracking cookies and can be deleted from time to time. Just have Spybot remove them

This program may be a bit better to remove them

Please download SuperAntiSpyware Free
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

Then see if this free online virus scanner picks anything up

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the

button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on
  
  to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the
  
  icon on your desktop.
Check
Click the

button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push

, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the

button.
Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

joselepiu · Jun 17, 2012

new logs...

SUPERAntiSpyware Scan Log - 06-17-2012 - 10-40-27.log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2012 at 10:40 AM

Application Version : 5.1.1002

Core Rules Database Version : 8750
Trace Rules Database Version: 6562

Scan type : Complete Scan
Total Scan Time : 02:28:27

Operating System Information
Windows XP Professional 64-bit, Service Pack 2 (Build 5.02.3790)
Administrator

Memory items scanned : 421
Memory threats detected : 0
Registry items scanned : 69561
Registry threats detected : 0
File items scanned : 77422
File threats detected : 142

PUP.CNETInstaller
C:\DOCUMENTS AND SETTINGS\D\DESKTOP\ALWAYS ON TOP\CHAMELEON WIN MNGR LITE VER 1 1 0 131.EXE
C:\DOCUMENTS AND SETTINGS\D \DESKTOP\PICS SOFTWARE\TEXTURE PACK 5 VER 1EXE.EXE

Adware.Tracking Cookie
.histats.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ad6media.fr [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\LETY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\LY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\L\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OQ9VSQXA.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\P & V\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9LTSENYY.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Decay
C:\PROGRAM FILES (X86)\ADOBE\READER 10.0\READER\READER_SL.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP207\A0074006.RBF
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

ESET Online Scanner Log

C:\Documents and Settings\D\Desktop\Downloads\Tools\Installed\IObit Disk Defrag Ver 3 2 setup.exe a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\D\Desktop\Downloads\Tools\Installed\WINamp Ver 5 6 1 setup.exe Win32/OpenCandy application
C:\Documents and Settings\D\Desktop\External\D\Tools\Set Up Files\Installed\IObit Smart Defrag 2 Beta 1 21\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\D\Desktop\pics software\Photo Pos Pro Ver 1 87.exe Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP247\A0100018.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{0EF9D5FA-FBB1-4D21-9244-1C1B67CD2313}\RP247\A0100019.exe a variant of Win32/InstallCore.D application

ken545 · Jun 17, 2012

To be on the safeside, lets delete these

C:\Documents and Settings\D\Desktop\Downloads <--Delete everything in your download folder but not the folder itself
C:\Documents and Settings\D\Desktop\External\D\Tools\Set Up Files\Installed <--Same thing here but not the Installed folder
C:\Documents and Settings\D\Desktop\pics software\Photo Pos Pro Ver 1 87.exe <--Delete this

The rest that are bad are in your system restore program

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses


:OTL

:Services

:Reg

:Files

:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

joselepiu · Jun 18, 2012

New log...

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Error creating restore point.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: D J RAC
->Temp folder emptied: 443753 bytes
->Temporary Internet Files folder emptied: 58834 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17733110 bytes
->Google Chrome cache emptied: 26923184 bytes
->Flash cache emptied: 1771 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lety
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Prisci & Vane
->Temp folder emptied: 205776 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 36708783 bytes
->Flash cache emptied: 11551 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570901 bytes
RecycleBin emptied: 53008713 bytes

Total Files Cleaned = 130.00 mb

OTL by OldTimer - Version 3.2.48.0 log created on 06182012_032306

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_5rYOgACKdYfSr5T not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_5zVSKaWVfKX8N3a not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_gdGRijHXXZwoYRz not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_OZg1QMeexLWax1r not found!
File\Folder C:\Documents and Settings\D J RAC\Local Settings\Temp\etilqs_xwDGcpI99BFFEbO not found!

Registry entries deleted on Reboot...

ken545 · Jun 18, 2012

It looks like OTL failed to remove all previous restore points and to create a new one, lets do it manually

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

joselepiu · Jun 19, 2012

Done...

Done... but it did not produce any logs...

ken545 · Jun 19, 2012

Dont need one, how are things running now ?

ken545 · Jun 19, 2012

Hey, sorry for being brief as I was out the door heading for work and sometimes my internet access at work is iffy

The reason I had you run the System Restore program is because there where bad entries in there that would have been reinstalled if you decided to use this program to restore your computer to an earlier date, what I had you do is to flush out all the old restore points and create a new one.

Everything running OK ?

joselepiu · Jun 19, 2012

Still the same...

Is still the same... really really slow... the boot time... the web surfing... & in general still really slow...

ken545 · Jun 19, 2012

Lets try 2 different scanners

Download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

joselepiu · Jun 20, 2012

New Log...

The GMER Rootkit Scanner log came out empty...

Here is the other one (MBRCheck.exe)...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional x64 Edition
Windows Information: Service Pack 2 (build 3790)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 117):
0x01000000 \WINDOWS\system32\ntoskrnl.exe
0x00800000 \WINDOWS\system32\hal.dll
0x993FB000 \WINDOWS\system32\KDCOM.DLL
0x9940B000 \WINDOWS\system32\BOOTVID.dll
0x98F9E000 ACPI.sys
0x9941B000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0x98F7D000 pci.sys
0x9942B000 isapnp.sys
0x99AB7000 compbatt.sys
0x997FB000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0x99802000 pciide.sys
0x9943B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0x98F67000 MountMgr.sys
0x98F27000 ftdisk.sys
0x99809000 dmload.sys
0x98EE0000 dmio.sys
0x98E95000 volsnap.sys
0x9944B000 PartMgr.sys
0x98E68000 atapi.sys
0x98E3B000 nvata64.sys
0x98E26000 disk.sys
0x98E09000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0x98DCB000 fltmgr.sys
0x98DA8000 sr.sys
0x9945B000 PxHlpa64.sys
0x98D74000 KSecDD.sys
0x98C6F000 Ntfs.sys
0x98C09000 NDIS.sys
0x98BD5000 Mup.sys
0x9946B000 crcdisk.sys
0x9947B000 avgrkx64.sys
0x9948B000 avgidsha.sys
0x99165000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x9749F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0x9747C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x9959B000 \SystemRoot\system32\DRIVERS\watchdog.sys
0x99960000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x97442000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x995AB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x970F7000 \SystemRoot\system32\drivers\ALCWDM64.SYS
0x970B7000 \SystemRoot\system32\drivers\portcls.sys
0x9706E000 \SystemRoot\system32\drivers\ks.sys
0x99967000 \SystemRoot\system32\drivers\ksthunk.sys
0x995BB000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0x96F00000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0x995CB000 \SystemRoot\system32\DRIVERS\fdc.sys
0x96EDD000 \SystemRoot\system32\DRIVERS\serial.sys
0x995DB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x96EB8000 \SystemRoot\system32\DRIVERS\parport.sys
0x96E9B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x995EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x995FB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9979B000 \SystemRoot\system32\DRIVERS\audstub.sys
0x96E75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9960B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x96DA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x96D95000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x96D72000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9961B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x96D52000 \SystemRoot\system32\DRIVERS\psched.sys
0x96D3C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0x9962B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0x9963B000 \SystemRoot\system32\DRIVERS\raspti.sys
0x96CE5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x96CCF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x99BC9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96CB4000 \SystemRoot\system32\DRIVERS\update.sys
0x9964B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x96CA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x964FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x99BCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99178000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0x994CB000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x994DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9971B000 \SystemRoot\System32\Drivers\Null.SYS
0x999EC000 \SystemRoot\System32\Drivers\Beep.SYS
0x994EB000 \SystemRoot\System32\drivers\vga.sys
0x994FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x9950B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9951B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x95C6F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9952B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x95C44000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x95B4F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x95B11000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x95AB0000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x9918B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95A56000 \SystemRoot\system32\DRIVERS\netbt.sys
0x95A09000 \SystemRoot\System32\drivers\afd.sys
0x9919E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x959B8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x958A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x991B1000 \SystemRoot\System32\Drivers\Fips.SYS
0x997DB000 \??\C:\WINDOWS\system32\drivers\BIOS64.sys
0x9585A000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x9953B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95845000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9954B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9955B000 \SystemRoot\system32\DRIVERS\HidBatt.sys
0x956BA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95CA3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xFF000000 \SystemRoot\System32\win32k.sys
0x95C83000 \SystemRoot\System32\drivers\Dxapi.sys
0xFE000000 \SystemRoot\System32\drivers\dxg.sys
0xFE028000 \SystemRoot\System32\nv4_disp.dll
0xFEAC5000 \SystemRoot\System32\ATMFD.DLL
0x96E05000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x941D5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x996CB000 \SystemRoot\system32\DRIVERS\CdaC15BA.sys
0x996FB000 \SystemRoot\system32\DRIVERS\CdaD10BA.sys
0x93F97000 \SystemRoot\System32\Drivers\HTTP.sys
0x93E84000 \SystemRoot\system32\DRIVERS\srv.sys
0x93CC0000 \SystemRoot\system32\drivers\wdmaud.sys
0x93C95000 \SystemRoot\system32\drivers\sysaudio.sys
0x95D13000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x924E4000 \SystemRoot\system32\drivers\kmixer.sys
0x77EC0000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
276 C:\WINDOWS\system32\smss.exe
556 csrss.exe
592 C:\WINDOWS\system32\winlogon.exe
644 C:\WINDOWS\system32\services.exe
656 C:\WINDOWS\system32\lsass.exe
864 C:\WINDOWS\system32\svchost.exe
944 svchost.exe
988 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1088 svchost.exe
1264 C:\WINDOWS\system32\spoolsv.exe
1392 svchost.exe
1444 C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe
1480 C:\Program Files (x86)\AVG2012\avgwdsvc.exe
1564 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
1712 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1764 C:\WINDOWS\system32\nvsvc64.exe
1916 daemonu.exe
160 svchost.exe
2172 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
2296 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
2588 wmiprvse.exe
1588 alg.exe
1596 C:\WINDOWS\system32\wscntfy.exe
976 C:\WINDOWS\explorer.exe
2936 C:\WINDOWS\soundman.exe
2108 C:\WINDOWS\system32\rundll32.exe
2132 C:\WINDOWS\system32\ctfmon.exe
2692 C:\WINDOWS\system32\rundll32.exe
2188 C:\WINDOWS\SysWOW64\ctfmon.exe
736 C:\WINDOWS\system32\rundll32.exe
740 C:\WINDOWS\SysWOW64\rundll32.exe
1468 C:\Program Files (x86)\AVG2012\avgtray.exe
1580 C:\Program Files (x86)\AVG Secure Search\vprot.exe
1400 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2304 C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe
3976 C:\WINDOWS\system32\notepad.exe
1680 C:\Documents and Settings\D\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!

ken545 · Jun 20, 2012

Looks like your fine, at this point I dont believe your problem is malware related, if you post in the windows forum I suggested they can run you through some tests to check the health of your hard drive and also maybe sort out programs that can be causing your slow boot time.

http://forums.whatthetech.com/index.php?showforum=119

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

joselepiu · Jun 20, 2012

Thanks...

Well, thanks...

Been getting help from the forum you suggested, will see what happens...

Thanks...

ken545 · Jun 20, 2012

Your Welcome,

Ken

Need help - XP Pro x64 Edition Ver 2003.

joselepiu

New member

joselepiu

New member

joselepiu

New member

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert

joselepiu

New member

ken545

Emeritus-Security Expert