
Trojans just won't go away!



Hi,

I would really appreciate your help as I am tempted to hit my laptop after downloading lots of programmes to help get rid of viruses which keep on coming back!

I have followed your instructions - done step 1 and 2. The Spybot S&D found one item: Virtumonde which it deleted.

MBAM log is below (only used this today) which could not remove one item: C:\users\admin\AppData\Local\Temp\cbxww.dll. When I restarted following the scan and delete, my system said it could not find the startup file with the same location as the unremovable item.

Malwarebytes' Anti-Malware 1.11

Database version: 603

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 189522

Time elapsed: 1 hour(s), 43 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7457a5c1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\admin\AppData\Local\Temp\lpjjxbly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\admin\AppData\Local\Temp\lufxbtkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\admin\AppData\Local\Temp\thgdpoyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\admin\AppData\Local\Temp\xpomwndv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\admin\AppData\Local\Temp\cbxww.dll (Trojan.Agent) -> Delete on reboot.

C:\Users\admin\AppData\Local\Temp\vjmmgmwe.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-----

Once I restarted following MBAM I noticed that my laptop wasn't faster as such but had less noise initially (still noisy after 5 mins). Spybot had fewer popups, but I know something could take it back to square one so I am onto the next steps and will post those logs up.

I've given as much info as I can (the history):

My laptop used to work like lightning and so quiet until a few months ago when it caught something online; since then infections have been recurring.

I have McAfee VirusScan Enterprise 8.5i which is my anti-virus and use Windows Firewall as my firewall, plus I have Spybot and AdAware and Windows Defender. I find that McAfee scans take forever and I always do it in safe mode with no networking. Here is a brief summary of the results of a scan I did yesterday (ran after doing AdAware 2007 and SpyBot S&D):

08/04.2008 time taken: 6.38.55 scanned 3134124 detections 0. Although on a restart S&D did the usual of denying access to registry changes literally every second (the teatimer). This has been causing web browsing to be really hard and crash. Also I got popups in I.E. which usually would be both pages that would and would not display, even in firefox popups seem to crop up (albeit less occasionally).

The laptop is less than a year old!

The possibilities:

Your advice and lastly I have ordered directly from HP a set of recovery discs just in case I do have to start all over and wipe the system (I sound like I know what I am doing but really I do not!). My friend said it's better to order them as if I produced the recovery discs from my laptop it isn't factory standard (has virus).


Hi wontgo and welcome to Malwarebytes. Looks like MBAM has got quite a lot. But I need to see some more scan logs to be sure.

Hi there, and welcome to

Please set your system to show all files:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

Please run a full scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply.

Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said.

Be patient and persistent. These things can take time and many procedures.

I know you have already done some of this. This is my canned message so please just pick up where you stopped with the Panda scan and a HiJack This! log.

Thanks, I have unhidden the files as directed and will do Hijack This scan and post lastly. Should I install and do an AVG scan as well as I thought I didn't need to? Whoops!

Here are the results from Panda and I really appreciate your help, for some reason I can't manage to get it very read friendly:

;*******************************************************************************

ANALYSIS: 2008-04-09 19:13:13

PROTECTIONS: 2

MALWARE: 64

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

McAfee VirusScan Enterprise 8.5.0.781 Yes Yes

AVG 7.5.516 7.5.516 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location


00187950 Cookie/bravenetA TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-02 190002\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.bravenet.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-02 190002\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][searchportal.information.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-02-23 120147\Backup files 7.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][searchportal.information.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.atwola.com/]

00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advancedcleaner[2].txt

02901046 Adware/SpyAxe Adware No 0 No No C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHK96QDV\webinst[1].cab[webinst.dll]

02903139 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\qoatubns.dll

02903141 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\mgescpns.dll

02903964 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ppvhdswc.dll

02903965 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kcsnsdma.dll

02903966 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yqmovgdy.dll

02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\cnlmtpdl.dll

02905017 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\phoifymc.dll

02905018 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\pvgaulne.dll

02905019 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\tjvqahqs.dll

02905020 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gfepioko.dll

02905021 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\astcnvcr.dll

02905027 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\rdwbfjer.dll

02905766 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\hwpugwxs.dll

02905766 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\naaarsyl.dll

02906744 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gndbtgja.dll

02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\nywbdqco.dll

02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\umdwlqen.dll

02906746 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kmuamkul.dll

02907394 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\fkjqemia.dll

02907395 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\lqjnpnri.dll

02907397 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\dssdmnnf.dll

02907725 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ubswvdcc.dll

02907726 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ycexdlpw.dll

02908067 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\maqyjmod.dll

02908219 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\oylkurrx.dll

02908620 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\huoidrqv.dll

02908623 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\vbojtwih.dll

02909242 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\oeofadcj.dll

02909247 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gawvuthw.dll

02909475 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\dwjmoxcv.dll

02910323 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\afjuisxo.dll

02910326 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\cnekjckj.dll

02910537 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\qsdkbour.dll

02910804 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kcvacfhw.dll

02910852 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\haewmqnk.dll

02910852 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\tvoflbev.dll

02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\tvouynbm.dll

02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\phlxojki.dll

02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\lkuieakb.dll

02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\qdgccgno.dll

02912162 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\aovtbutq.dll

02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\txtsrjof.dll

02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\mfveugis.dll

02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ocxehbmg.dll

02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yvnubuco.dll

02912783 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yandkcnk.dll

;===============================================================================

SUSPECTS

Sent Location

3

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

3

;===============================================================================

;===============================================================================

Edited by JeanInMontana
remove code

Ok I have done the HJT and here is the log, I'll await your help, thanks. I had this programme before but deleted it as being a bit too complex lol. I noticed that Panda said I have AVG but I deleted that a while ago, please let me know if I should download AVG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:38:59, on 09/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10480 bytes


Hi, here is my second time scan of Panda and then HJT after removing the quarantine in MBAM. Thanks again for all help:

PANDA:

;*******************************************************************************

ANALYSIS: 2008-04-09 21:26:35

PROTECTIONS: 2

MALWARE: 65

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

McAfee VirusScan Enterprise 8.5.0.781 Yes Yes

AVG 7.5.516 7.5.516 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.doubleclick.net/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-02-23 120147\Backup files 7.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atdmt.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tradedoubler[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.247realmedia.com/]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.247realmedia.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.com.com/]


This is the second HJT scan, after removing the quarantine in MBAM. Thanks again for all the help:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:33:57, on 09/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10389 bytes


OK, you are not following the initial instructions; you need to turn off TeaTimer. This is a great tool but it can interfere with the procedures.

Open SB S&D

Click on the Tools section and then Resident.

You will see two items.

1. Resident "SD helper" (Internet Explorer bad download blocker.) active

2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck 2. Leave 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Did you scan with SBS&D? I'm sure it will remove all those tracking cookies Panda finds.

Be sure you disable TeaTimer before we move on.

Please do another MBAM scan after you update. Make sure it is set to scan all of C. Post that log and a new HJT please.


Ok, I wasn't able to do this yesterday at the start as the popups from the tea timer block notification came too quickly so I couldn't reach the menu option successfully. I think I may have a different SB s&d as I don't appear to have the tools menu even after running as administrator, but have a similar option which I have chosen by right clicking the SB Resident - s&d icon in the tray then unclicking resident protection but keeping Resident I.E. block all bad pages silently ticked and also using resident in I.E. ticked, use whitelists is also ticked. I tried to attach the two screenshots so that you have an idea of what I mean but I can't for some reason. Is this okay?

I did scan with spybot s&d yesterday before the panda scan but will do the spybot s&d scan again and then move onto MBAM and the HJT.

thanks.


Hi, here are my latest MBAM and HJT logs. My system seems like it is nearly there as in I was using firefox whilst doing the mbam scan and it wasn't as slow. Following MBAM scan I deleted those infections found inc. quarantine, thanks:

Malwarebytes' Anti-Malware 1.11

Database version: 603

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 169104

Time elapsed: 1 hour(s), 5 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:24:49, on 10/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10109 bytes


You have not disabled TeaTimer and MBAM did not take action on these items:

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.

Run HJT in scan only mode and put a check next to the following items and then click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

You do not need to run as admin to do what is needed in SBS&D. Look at the screen shots below, please, and disable TeaTimer.

Once you have disabled TeaTimer run a full scan of C again with MBAM and take action on all items found. Post the log from that scan please.

Exit all running programs and browsers and run HJT again. Post that log.

post-1030-1207931484_thumb.png

post-1030-1207931502_thumb.png

post-1030-1207931516_thumb.png

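The check made by eye in the reply above (reading each MBAM result line for "No action taken", and noticing the same Run value returning after it was deleted) can be scripted. This is an added example, not part of the original posts or of Malwarebytes; the function names are hypothetical, the log excerpts are abridged from the logs posted in this thread, and treating any action other than "Quarantined and deleted successfully" as needing follow-up is an assumption.

```python
import re
from typing import List, NamedTuple

# Section headers end at the colon; the summary lines ("Registry Keys Infected: 1")
# carry a count after it and are deliberately not matched.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*$"
)
# "<object> (<threat name>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)
REMEDIATED = "Quarantined and deleted successfully"


class Detection(NamedTuple):
    section: str
    obj: str
    threat: str
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line of an MBAM 1.x text log with its section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(
                Detection(section, hit["obj"], hit["threat"], hit["action"])
            )
    return detections


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections the scanner found but did not report as removed."""
    return [d for d in detections if d.action != REMEDIATED]


def recurring(earlier: List[Detection], later: List[Detection]) -> List[Detection]:
    """Items reported removed in an earlier scan that a later scan finds again.

    Registry paths are compared case-insensitively, because the same key is
    logged as both ...\\Software\\... and ...\\SOFTWARE\\... in these logs.
    """
    removed = {d.obj.lower() for d in earlier if d.action == REMEDIATED}
    return [d for d in later if d.obj.lower() in removed]


# Abridged excerpts of the three MBAM logs posted in this thread.
SCAN_1 = r"""
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_2 = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
Files Infected:
(No malicious items detected)
"""

SCAN_3 = r"""
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    first, second, third = (parse_mbam_log(s) for s in (SCAN_1, SCAN_2, SCAN_3))
    for d in unremediated(second):
        print(f"not removed: [{d.section}] {d.obj} ({d.threat}) -> {d.action}")
    for d in recurring(first, second):
        print(f"came back after removal: {d.obj} ({d.threat})")
    print("left unremediated in third scan:", len(unremediated(third)))
```

An item that shows up in `recurring` was deleted and then rewritten between scans, so the follow-up is to find what is restoring it rather than to delete it again.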

HJT fixed the four files following the scan only.

I then managed to disable the teatimer thanks for the screenshots: I had to choose advanced options to display tools, settings etc. I had to do this as administrator - I have windows vista and it said I had to run it as administrator due to lack of permissions which it always states. Right following that I did MBAM scan (deleted all inc. quarantine for infections) here are the results (I had programmes running at that time).

Afterwards I exited and end tasked managed processing programmes so that they wouldn't run, I couldn't exit mcafee as the option for disabling it was unhighlightable if that makes sense lol (greyed out) and it wasn't on my end task manager processes screen.

So here are the MBAM and HJT logs, I hope I've done ok? After I exited programmes the system seemed to make a few adjusting sounds but I guess this is normal and there isn't that much risk as I wasn't browsing just HJT scanning?:

Malwarebytes' Anti-Malware 1.11

Database version: 603

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 168896

Time elapsed: 1 hour(s), 8 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:54:59, on 11/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9576 bytes


Ahh sorry about the advanced mode. I always run in that mode. AND Vista is just a PITA with the admin and permissions BS. Anyway looks like the offender is now taken care of with MBAM. How is the system running? Do you feel we have got you cleaned up? If so we have one final step.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

Also the full time protection from MBAM is offered at a very low price. See the trial link in my signature.

Edited by JeanInMontana
add information

Oh no problem, I know that my friend adores XP which I sort of miss on occasions.

Well my system seems to be running fine, it is definitely quieter and back to its usual speed I think. I do notice that when I am not doing anything on a webpage and just say reading it: the processing light still flashes every so often (maybe every 3-5 seconds) with a slight usual processing noise - is this ok? (I know it's hard to tell and I am probably just a bit paranoid now!).

The only other thing is that since all these fixes every time I turn on and login the following window pop up box comes up and I was wondering how you turn it off?:

Run DLL

C:\users\admin\AppData\Local\Temp\cbxww.dll

Error loading: the specified module could not be found

I will take your useful advice on buffing up with an additional firewall and getting AVG - I won't run these at the same time as mcafee and windows firewall as I think that causes conflicts right? Do you think that an additional scanner should be added too from your list?:

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

I'll hold on before doing a system restore. Once I have done it, if I need to restore the system, is it best to use the restore I'll create from your help or use the set of recovery discs HP have sent (not received yet)?

Thanks for your help on this.


Empty your temp files; that should get that. I never recommended AVG. Get a decent firewall and turn off Windows firewall. I didn't recommend any antivirus programs so there are no conflicts with using all of the programs I listed. Some of them are not running processes at all. Set a new system restore point so you don't use the old one that is infected. This is not the same as reformat. Start> Control Panel> System> System Restore tab. Put a check in turn off System Restore. Reboot and repeat the procedure on create a new restore point. Name it something you remember, like clean restore point and create it.


Hi, so sorry for the late reply, I've been quite busy with uni. Right so I have made some progress sorry for the AVG misunderstanding:

I have after scanning with spybot s&d, MBAM, then McAfee Enterprise Anti-virus done a system restore point yesterday as directed of the C and D drive. Note mbam did find 7 trojans which I removed and deleted from quarantine and mcafee was all clear. Also I did a HJT scan today (I installed microsoft updates last night) and the following has come back:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Should I delete these? Are they dangerous? I rescanned today with MBAM and no detections have been found.

I've downloaded the programmes for spyware protection minus hphosts which looks complex, and sitehound which didn't work when registering by failing to send login email details and I found it too in your face when browsing. Also unfortunately Online Armor is not compatible with Windows Vista. Have you any other firewall suggestions e.g. Zone Alarm or Comodo? Is McAfee enough as my anti-virus (I find it so slow it took 6 hours to do a full system scan of the C and D drive)? I was tempted to download Avast Antivirus after reading a review - do you think this programme is any good? I guess I just want a faster anti-virus lol.

Oh another question, I did a system restore for both the D drive (the backup) and C drive, but I only put a check next to the c drive as not requiring a system restore point before restarting and creating it. I am a bit worried that the D Drive could potentially still have the virus though I am not sure. Should I uncheck the d drive system restore point and then create a system restore point like I did for the C Drive?

Finally, for a web browser I always use firefox, but have I.E. just incase. I was thinking of using Opera as a web browser as I read a review about it being faster and more secure then Firefox and I.E. What is your opinion on the three?


Hi again. School is important. Those two lines in HJT are not dangerous. hpHosts isn't that complex. It is a hosts file; basically you install it and forget it, except for updates.

If SiteHound is in your face, it's doing its job. You got infected, remember? That infection may have come from a site you should not have gone to. McAfee is a resource hog for the most part and not the best choice for protection IMO. Avast is good, so is Avira Antivir; both have a free version, but you should never run two active AV programs at the same time.

Scan your D drive; this is the HP recovery drive, correct? If it comes up clean you should be fine. It can become infected.

Browsers: I use Firefox exclusively unless some site has not entered the 21st century and is not W3C compliant. Opera is not safer or faster. Bottom line, you can get infected using any browser and any amount of protection. Prevention is the key, and the majority of the items I list for users are prevention tools.

I posted about OA and Vista on the OA forums. I need more details please. Why do you say it won't work with Vista? I found plenty of posts on their forums to show it does. ZA and Comodo will do what you need; I don't like to suggest them because their ethics have slid to the dark side.

Let's see another scan with MBAM after an update (do a full system scan of both drives) and a new HJT log to be sure.


I haven't downloaded hphosts yet as I wanted to make sure that I just have to click the right one and then once downloaded the updates will come as part of the programme or do I have to keep going back to the website?

I haven't downloaded SiteHound as when I did previously, I registered twice but an error message said could not send message (with registration details) and then when I tried to create a new account it said email address already on system even though it said before that it could not send message - I uninstalled - I may get it again but not sure as I've already given two email addresses and had no email with registration confirmation. Also when I was in Yahoo sending an email I couldn't even spell check as that button had been replaced with a SiteHound button saying not recognised or something! I wouldn't mind getting it if I could tweak it a bit so as not to interrupt Yahoo email spell check etc. Also when I was browsing today I clicked on what I thought was an innocent link which I thought would be about soap, but instead it came up with this save file exe. which looked just like a virus - I end tasked it. I wouldn't mind SiteHound but I'm not sure how to register! Unless I click forgotten details (I'll investigate further).

Thanks, I saw the post re: OA - I see it will be about a month for a Vista version so I have downloaded and installed Comodo as it apparently doesn't hog so much. Comodo did a full system scan and in the beginning it kept flashing up with all these requests (some I just said block to as it said it wasn't sure etc. and I didn't know what it was, others I thought OK, for instance outgoing connections that I thought were for my internet). Also the full scan it did came out clean.

Just to double check it's fine to have more than one anti-virus just not running at the same time - is that what you mean? If so I'll download Avast.

Also I have noticed that there are quite a few folders in my C drive that have been restricted - although I haven't changed any settings, an error message of access denied comes up when I try to access my music, my pictures and even folders within Windows. I log in with administrator rights so am a bit confused about how I can unblock all this for my use when I log in, as I have to keep going into an individual folder and editing the sharing option.

Right, here are the logs - one virus on MBAM (oh yes, the D drive is the backup and it scanned clean before the restore point). Also I really would like advice on how to remove the Run DLL

C:\users\admin\AppData\Local\Temp\cbxww.dll / folder cmds that it found, as Comodo and WinPatrol keep popping up stating that the file is trying to either be in my registry or start-up programmes list. Although I keep clicking remember decision and deny it (including delete on reboot) it just keeps on popping back (this was even after removing on MBAM).

MBAM:

Malwarebytes' Anti-Malware 1.11

Database version: 636

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 170127

Time elapsed: 1 hour(s), 9 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:13:28, on 19/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10022 bytes

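The recurring `cmds` Run value reported in the post above can be picked out of these logs mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses HijackThis O4 lines, flags autoruns whose payload sits in a user-writable directory, and compares the Run values from the two MBAM scans in this thread to show which one came back after deletion. The function names and the list of writable-path markers are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# O4 autorun lines copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "Registry Values Infected" lines copied from the two MBAM logs in this thread
# (database versions 603 and 636).
MBAM_SCAN_603 = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7457a5c1 (Trojan.Agent) -> Quarantined and deleted successfully.
"""
MBAM_SCAN_636 = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s+(?P<args>.*))?$', re.I)
DLL_RE = re.compile(r'^"?(?P<dll>.+?\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
USER_TAG_RE = re.compile(r"\s+\(User '[^']*'\)$")
MBAM_RUN_RE = re.compile(
    r"^(HKEY_\w+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(Run\w*)\\(\S+) "
    r"\(([^)]+)\) ->", re.I)

# Assumption: a heuristic list of directories a standard user can write to.
WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                    "\\local settings\\temp\\", "\\windows\\temp\\",
                    "\\users\\public\\")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    loader: str    # program the Run value starts
    payload: str   # file that actually carries the code (DLL for rundll32)
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Parse HijackThis O4 registry autorun lines into Autorun records."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_TAG_RE.sub("", m["cmd"])   # drop "(User 'LOCAL SERVICE')"
        exe = EXE_RE.match(cmd)
        if not exe:
            continue
        loader, args = exe["exe"], exe["args"] or ""
        payload = loader
        # rundll32 is only a host: the DLL named in its argument is the payload.
        if loader.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
            dll = DLL_RE.match(args)
            if dll:
                payload = dll["dll"]
        entries.append(Autorun(m["hive"], m["key"], m["name"], loader, payload))
    return entries


def flag_suspicious(entries):
    """Return the entries whose payload lives in a user-writable directory."""
    flagged = []
    for e in entries:
        if any(marker in e.payload.lower() for marker in WRITABLE_MARKERS):
            e.reasons.append("payload in user-writable directory")
            if e.loader != e.payload:
                e.reasons.append("loaded indirectly via " + e.loader)
            flagged.append(e)
    return flagged


def run_values(mbam_text):
    """Return {(hive, value_name)} for the Run-key values an MBAM log reports."""
    found = set()
    for line in mbam_text.splitlines():
        m = MBAM_RUN_RE.match(line.strip())
        if m:
            found.add((m[1].upper(), m[3].lower()))
    return found


def recurring(earlier_scan, later_scan):
    """Run values deleted in the earlier scan that were present again later."""
    return run_values(earlier_scan) & run_values(later_scan)


if __name__ == "__main__":
    for e in flag_suspicious(parse_o4(HJT_SAMPLE)):
        print(e.hive, e.key, e.name, "->", e.payload, e.reasons)
    print("re-created after deletion:", recurring(MBAM_SCAN_603, MBAM_SCAN_636))
```

A Run value that is deleted in one scan and present again in the next means something still running is rewriting it, so removing the value alone will not hold.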

You have two antivirus programs running. Pick one or the other, McAfee or Symantec. Neither is a first choice IMO; both are resource hogs and don't do the best job. Avast is a better choice but you cannot run them all at the same time.

A hosts file is not a program. It adds a list of sites that are bad to the block list for safe surfing. Once you install it, yes, you should do updates when they are made. However, any protection already added is better than none.

That .dll is related to Vundo from what I find. So we will do this.

Please download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.

* Click the Scan for Vundo button.

* Once it's done scanning, click the Remove Vundo button.

* You will receive a prompt asking if you want to remove the files, click YES

* Once you click yes, your desktop will go blank as it starts removing Vundo.

* When completed, it will prompt that it will reboot your computer, click OK.

* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Hi, Thanks for reopening :angry:

I tried Avast but unfortunately once restarted it made my laptop function really slowly and had quite a few errors. So instead I uninstalled it, then downloaded AVG, and am using Comodo in the meantime and have turned off the Windows firewall (McAfee and Symantec anti-virus uninstalled). I haven't downloaded SiteHound yet as I was wondering if it will interfere with AVG Search Shield?

Right, so I downloaded VundoFix and it found no errors, which is good. AVG found a few potential threats which I deleted and removed from quarantine, but I do keep getting that error message once the PC has started on occasions for cwdxx.dll.

Here are the AVG and HijackThis logs. I noticed for some reason that although I uninstalled McAfee Enterprise it still says it's running, and I can't see WinPatrol or AVG as running?:

AVG:

Scan "Scan whole computer" was finished.

Infections found:;"0"

Infected objects removed or healed;"0"

Not removed or healed.;"0"

Spyware found:;"0"

Spyware removed:;"0"

Not removed:;"0"

Warnings count:;"0"

Information count:;"0"

Scan started:;"27 April 2008, 13:52:17"

Total object scanned:;"1020856"

Time needed:;"54 minute(s) 39 second(s) "

Errors encountered:;"0"

Warnings

File;"Infection";"Result"


HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{86059629-45EE-4AA6-A994-672B68AC8B44};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87185E78-A61B-4DB3-965A-3235BBD7A622};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{873EB32D-AE1A-4183-89BD-45A77F761BE4};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88C9975E-3995-4C53-BB17-B893F278049A};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88CC91DE-5930-45AD-9E04-6B1233609FEA};"Found Adware.Appoli";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88DE3E1B-3D01-4032-9BAE-FD1994A3D7B8};"Found Adware.RogueSuspect";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B309141-83A9-4C92-BCBE-2ADA24058DF0};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DBF02DA-4360-4A7E-BEA1-347B87816327};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26};"Found Trojan.Conhook.c";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9068A414-3AF9-4F79-AF1C-E6EA415BAF52};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9148C6A5-5F1A-41EC-B3C2-883FA9F2CBAC};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{93C6313C-9DB4-4694-8BD0-E378C573A9AD};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12};"Found Adware.Begin2Search";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E69A5DE-24D3-4D3B-8117-5B60439EBFC2};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A19EF336-01D4-48E6-926A-FE7E1C747AED};"Found Adware.MWSearch";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A5845A98-EBDA-4670-9DE6-5201C506E741};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D};"Found Trojan.KillAV.e";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A708A39C-8DA7-4e36-B3B0-0A1FFAFD4BCD};"Found Trojan.KillAV.e";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A717DBE3-D78D-4aa7-BDCF-2CC06B36371B};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC9382D7-F0ED-4350-B7A7-4A383A1A93B0};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD42064F-2C53-CB42-1263-6A7F24C2B819};"Found Adware.RogueSuspect";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D};"Found Adware.7000n";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF43C96A-216D-7D7A-AF61-0018C6061DD0};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B313D637-F405-4052-AC37-E2119AB3C8F8};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B49DA3DF-E569-423d-BDEA-8F89128E8107};"Found Trojan.Foron";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B53455DB-5527-4041-AC41-F86E6947AA47};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B72549CE-5644-4116-B8A4-A2B042321EC4};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860};"Found Trojan.Agent.dj";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408};"Found Adware.Able2know";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BEF178EB-79D6-4BFA-8213-6FB8EA4769C8};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1FE7C8F-043A-4FAC-AB62-2CC56F7482B1};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C370527A-24A7-4583-BE01-72E59000EB17};"Found Adware.AFAEnhance";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3A64E2B-748B-4CA4-B20C-8C2817E12A6F};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C75A33FE-50C7-4F0F-81B0-6EB2272022CB};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBE0D59D-F985-4AC6-8826-FEE957065D42};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE70731D-F28D-4D81-9D61-C8EE60378401};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-0BED-709549C10020};"Found Hijacker.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1AC752E-883F-4ED8-8828-B618C3A72152};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D4D5C535-BA95-4327-870D-A33826FDD17A};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5EFDB0E-4F51-414F-B740-54A5C87A8957};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D9E5F993-FAEC-45B1-84F4-78A5BF27ED89};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4};"Found Adware.MWSearch";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DDDC947A-43F1-446A-A257-632F3ABDC212};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE23A040-D6AA-43ca-9B86-D9BE3DAA6FE7};"Found Trojan.KillAV.F";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E14DCE67-8FB7-4721-8149-179BAA4D792C};"Found Trojan.Ciadoor.m";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4DEE-8C64-0A5DE7FE133C};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E694E3DC-723F-40C7-87FE-6FFC222AD122};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E730189A-9973-4121-B046-AD1C161EC3AF};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD};"Found Hijacker.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA806E03-A6B1-205A-117C-013309406392};"Found Trojan.Singu.s";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EB1CE8AA-7F27-45D3-BA59-37AFBFB4437F};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC83B900-B33A-D316-EF7D-013309406392};"Found Trojan.Stoped.b";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E};"Found Adware.SpyAxe";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EE02B99B-1D55-48bc-B8DB-649A42CE45F6};"Found Adware.CreatrixMedia";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F007E221-018D-4baf-924A-B0E9092F3853};"Found Adware.CreatrixMedia";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5BDC469-1EC5-4193-824B-2E209993D183};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F74B358E-6979-40a9-96CD-636C80B87AFF};"Found Trojan.BankAsh.g";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F7D40011-29BB-43EB-9C97-875CE89E9E36};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1A6CC3-BE63-4f7c-A455-417D35A67DA6};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBD49452-69E0-4837-91FA-9227A6DD1A83};"Found Adware.Vundo";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC148228-87E1-4D00-AC06-58DCAA52A4D1};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FD9BC004-8331-4457-B830-4759FF704C22};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FDC47F1A-61E1-4AC5-89CA-6B95644953AE};"Found Adware.Virtumonde";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9};"Found Adware.SecureServicePack";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880};"Found Adware.Generic";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFD2825E-0785-40C5-9A41-518F53A8261F};"Found Adware.TitanShieldAntispyware";"Deleted"

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF};"Found Adware.Generic";"Deleted"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt;"Found Tracking cookie.Advertising";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@aoluk.122.2o7[1].txt:\aoluk.122.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@aoluk.122.2o7[1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\revsci.net.55564293;"Found Tracking cookie.Revsci";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\yadro.ru.c77afad5;"Found Tracking cookie.Yadro";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\pro-market.net.1d1ba569;"Found Tracking cookie.Pro-market";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt:\pro-market.net.bbf67f2d;"Found Tracking cookie.Pro-market";"Healed"

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt;"Found Tracking cookie.Serving-sys";"Healed"

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:13:28, on 19/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10022 bytes


I can't help you if you won't follow instructions. I have never asked for a log from AVG. It shows it removed Vundo... so why would VundoFix not find it? When I ask for logs, I want to see those logs. You still have TeaTimer active. That is one of the first things you are asked to stop. It will keep tools from working, and it can cause F/P's.

You still have the Symantec updater installed, you can remove it from add/remove programs. What were the errors from Avast? Warnings of infection perhaps? You are still infected.

Turn off TeaTimer.

Open SB S&D

Make sure you are in Advanced Mode.

Click on the Tools section and then Resident.

You will see two items.

1. Resident "SD helper" (Internet Explorer bad download blocker.) active

2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck 2. Leave 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Run HJT in scan only and put a check next to these items then click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c

Now please update MBAM and run a full scan of C and post that log and a new HJT log.

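The fix list in the post above targets an O4 Run value that starts a DLL from the user's Temp folder through rundll32.exe, and asks for a new HJT log to confirm the fixes held. As an added example (not part of the original thread and not HijackThis code), the Python below parses HijackThis entries, flags Run values that load code from such paths, and reports which fix-list entries are still present in a follow-up log. The function names are hypothetical; the first two samples are excerpts from this thread, and the follow-up sample is constructed.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code such as "R0", "O4", "O23"
    body: str     # text after "<code> - "


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun: <hive>\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First argument of rundll32 is the DLL, terminated by the comma before the export name
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
# Temp directories that any process running as the user can write to
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I)


def parse_hjt(log_text):
    """Return the section entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"].strip()))
    return entries


def flag_autoruns(entries):
    """Return (value name, command, reasons) for O4 Run values that load code from risky paths."""
    findings = []
    for e in entries:
        m = RUN_RE.match(e.body) if e.section == "O4" else None
        if not m:
            continue  # not a registry Run value (e.g. "Global Startup" shortcuts)
        cmd, reasons = m["cmd"], []
        if TEMP_RE.search(cmd):
            reasons.append("target is in a Temp directory the user can write to")
        dll = RUNDLL_RE.match(cmd)
        if (dll and re.match(r"[A-Za-z]:\\", dll["dll"])
                and "\\windows\\system32\\" not in dll["dll"].lower()):
            reasons.append("rundll32 loads a DLL from outside system32")
        if reasons:
            findings.append((m["name"], cmd, reasons))
    return findings


def unfixed(fix_list_text, followup_log_text):
    """Entries from a fix list that are still present in the follow-up log."""
    wanted = set(parse_hjt(fix_list_text))
    return [e for e in parse_hjt(followup_log_text) if e in wanted]


# Excerpt of the first HJT log posted in this thread.
FIRST_LOG_EXCERPT = r"""
Boot mode: Normal
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# The three entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
"""

# Constructed follow-up excerpt: the Run value is gone, the two R0 values are back.
FOLLOWUP_CONSTRUCTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

if __name__ == "__main__":
    for name, cmd, reasons in flag_autoruns(parse_hjt(FIRST_LOG_EXCERPT)):
        print(f"[{name}] {cmd}\n    " + "; ".join(reasons))
    for e in unfixed(FIX_LIST, FOLLOWUP_CONSTRUCTED):
        print("still present:", e.section, "-", e.body)
```

An entry that keeps returning after being fixed usually means something still running is rewriting it, which is why the follow-up log matters as much as the fix itself.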

Re: McAfee Enterprise - I uninstalled this yesterday using control panel and uninstall programmes. I have rechecked and it is not in the list of programmes under control manual; however, I have checked programme files and there are files from McAfee here: C:\Program Files\McAfee\Common Framework - although none of them say uninstall. What should I do?

Re: Symantec - I checked control manual / uninstall programmes and it is not there - I checked C Drive / Programme files and it is not there either - I checked Sitehound and it is not listed so not sure how I get rid of it.

Re: Avast - I wasn't specific enough. When I installed it I rebooted and it did a scan on reboot which was basically before logging in / windows loaded. After it finished I manually deleted a few things it found using the prompts on screen (I briefly remember this being something to do with java, not sure though). It finished the reboot scan and the screen went black - there was no option to log in. So with no response I switched the laptop off and on again. When I did log on my desktop seemed to go blank then the icons came back on - I even saw McAfee in one corner but that disappeared and was replaced by AVG etc. Ever since then the laptop ran very weird - an error message came up at some point (although I was half asleep so can't remember what it was). So I decided, instead of doing a reboot scan, to click on Avast and attempt a scan. Unfortunately this didn't work well, it was slow and didn't respond and I felt that my laptop was going in a state of being all over the place so I uninstalled (note I had Comodo on, added the programme to trusted but then shut down the firewall in the hope it would help). So after all this I thought I would try AVG as I wanted something quick and easy - is this wrong or would you suggest I try Avast again?

Re: VundoFix v7.0.3 - I ran this last night and again today just to make sure by clicking the scanning button. It said done searching for files - no infected files were found. I tried to look for a log as it wasn't there in the programme by looking in the folder on my c drive/programmes folder - but I couldn't find the programme under Vundo Fix or Attribune, I'm not sure if you want a log of that but just in case.

Re: TeaTimer - I've switched this off and will remember next time (I thought if I didn't have it open that that would be the equivalent of turning it off but I guess not).

Re: HJT fixes - I did all of them.

MBAM log:

Malwarebytes' Anti-Malware 1.11

Database version: 694

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 166812

Time elapsed: 1 hour(s), 22 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT - I had to re-delete the two R0 keys as it came back (00:33 scan) this is after deleting:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:36:56, on 29/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8888 bytes


Hi again. Delete Vundofix. Never run these sorts of tools unless you are asked, it is dangerous to your system. Your log is looking good; AVG must have got it yesterday.

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey <====== That is a remainder from McAfee. You can remove it using HJT and look for the program file and delete it.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.


Hi, yeah nearly there :angry: I have deleted Vundo Fix, sorry for running it again, and I've also deleted it from trash can.

Re: HJT - I did check McAfee and press fix, then rescanned and it returned for key:

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

So I moved onto C:\Program Files\McAfee and tried to delete the whole folder McAfee - Windows said I needed permission so I pressed okay and attempted to change the file and subfolders within it by unchecking the read only box. Unfortunately Windows said I did not have this permission. So I went to control panel/manage user accounts and can see that I am logged in and have full administrative rights. So I'm not sure how to delete it? Other folders say the same thing although I am an administrator with full rights (c\users\documents\my videos , my pictures etc.).

Also from the HJT log there is another key, should I try to delete this also?:

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

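Added example, not part of the original posts: a small Python parser for the HijackThis line formats quoted in this thread, listing every running process, O4 Run entry and O23 service that still points into one product's folder (here McAfee) after an uninstall. The sample lines are copied from the log above; the function and class names are hypothetical.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    kind: str    # "process", "run" (O4) or "service" (O23)
    name: str    # Run value name or service display name; "" for processes
    target: str  # command line or image path exactly as logged

# O4 - <hive>\..\<key>: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\\w+: \[(.+?)\] (.+)$")
# O23 - Service: <display name> - <vendor> - <image path>
# The path is anchored on a drive letter so " - " inside a folder name is kept.
SERVICE_RE = re.compile(r"^O23 - Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")
# Bare paths only occur in the "Running processes:" section of the log.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

def parse_hjt(log: str) -> list[Entry]:
    """Extract running processes, O4 Run values and O23 services."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := RUN_RE.match(line):
            entries.append(Entry("run", m.group(2), m.group(3)))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("service", m.group(1), m.group(3)))
        elif PROCESS_RE.match(line):
            entries.append(Entry("process", "", line))
    return entries

def references_to(entries: list[Entry], folder: str) -> list[Entry]:
    """Entries whose target contains \\<folder>\\ (case-insensitive).
    8.3 short names such as PROGRA~1 are not expanded."""
    needle = "\\" + folder.lower() + "\\"
    return [e for e in entries if needle in e.target.lower()]

if __name__ == "__main__":
    for e in references_to(parse_hjt(SAMPLE_LOG), "McAfee"):
        print(f"{e.kind:8} {e.name or '-':45} {e.target}")
```

On the sample this returns four McAfee references: two running processes, the O4 Run value and the O23 service.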
