Jump to content

Recommended Posts

Hi, need your help unfortunately :(

In chronological order: sister deleted/uninstalled all the protection on laptop a few weeks ago. 2days ago saved and loaded something that I later found out is the zeroaccess rootkit.

First did not really new what to look for, she gave me confusing info. So I downloaded Malwarebytes antimalware and updated it. Tried to run. Couldnt. Switched off after a few seconds, same with Avast.

After a quick search on the net downloaded Combofix,(renamed straight to Combo-fix) run it, saved log, didnt helped, but it said that Im infected with zeroaccess. Could not disable Avast, nor rename Malwarebytes. Than run combo-fix again. No help again. Did more search on the net.

After this I downloaded and saved logs for TSSDKILLER and GMER, and aswMBR.

*unchecked the IAT, and show all and run scan only on main C: drive for GMER as read in a pinned forum topic.

Google search gets redirected only occasionally, "normal" searches are fine, but searching for "zeroacces rootkit" gets redirected a few times only.

Im ready to start from the beginning and follow new instructions. Here are the logs, you will probably ask me for, attached:

Combo-fix_log.txt

aswMBR-log.txt

MBR.zip

TDSSKiller.2.5.11.0_20.07.2011_20.37.28_log.txt

Combo-fix_log-2.txt

gmer-log.log

Link to post
Share on other sites

Hello gr3g0ree and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, please proceed with the following ;):

-------------

Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.

Please post the results for my review

-------------

XP

You must first verify that you can logon to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console

Now, go back to Normal Mode.

Next, please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Console.

Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat

lookXP.gif

You will see 1 file copied many times then return to the x:\windows> prompt.

Type Exit to restart your computer then logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
how the PC is running now?
-------------
You have ComboFix running from a location other than the Desktop.
Please delete the following file (in bold):
c:\documents and settings\Maria\My Documents\Downloads\Combo-Fix.exe
Then proceed with the following:
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
In your next reply, please include:
  • Maxhandle log (if one is created)
  • Maxlook looklog.txt
  • TDSSKiller log
  • C:\ComboFix.txt

How is your computer running now?

Link to post
Share on other sites

Thx for the reply and taking the time Fred, or Mr. Brown, or Yo D ;)

Conclusion first: have the feeling that it did not helped.

My procedure as follows: came home, read the instructions first, then restarted PC to check if the recovery console is there :) and works. Than exit without executing any commands.

,downloaded maxhandle, left internet connection active. Run the program as instructed/requested with "nothing found" as a result.

After that downloaded maxlook, saved to downloads folder, run it as requested, asked me to restart to recovery console, did that, choosed the OS drive letter (C:\) typed the command in as instructed. It did what it had to, than Exit to normal mode.

Run maxlook again, saved log. No infected file found as a result.

Downloaded TDSSKiller again, scanned, saved log. Found no malicious but 1 suspicious object.

After it tried to run Malwarebytes antimalware, and still couldnt run it, tried to open Avast, couldnt.

Last steps were to delete the previous combofix, and try and get avast inactive before downloading and running combofix again.

Could not find a way to open Avast, nor to find any proper install like "avast" file.

The path in the properties of the .exe as Target says: "C:\WINDOWS\update.tray-7-0-lnk\svchost.exe tray 7-0 1" which is unusual for me.

Downloaded "your installer" tried to find and uninstall it. Couldnt. Ended up turning it off and deleting from the start-up menu. Restart.

Downloaded combofix to the desktop, run it, midway asked to turn Avast off so the green monster in me ;) "raped" and deleted the folder where avast.exe path showed, the "update.tray-7-0-lnk" folder in windows. No help. Combo run with a warning, and saved the log.

Tried to run malwarebytes, still couldnt.

End of story.

There are no apparent symptoms apart from malwarebytes not running. Not using net on this PC as I have another one too.

All the tasks went smooth, too smooth, till combofix asked me to switch Avast off.

How is it possible to hide all the avast files, no install/uninstall found.

Any more ideas to try? Is it possible to freeze all the processes and run only combofix, or to do "brainsurgery"-cut off infected parts and coldrestart to recovery console?

Is it possible to get rid of this rootkit by a norton backup restore? (have a backup drive, D:) or by a complete new windows reinstall?

If its possible, would still like to try and avoid reinstalling the OS.

Thx for help again, any other ideas, suggestions are appreciated.

Logs attached.

looklog_maxlook.txt

TDSSKiller.2.5.11.0_21.07.2011_20.36.56_log.txt

comboFix_log.txt

Link to post
Share on other sites

Thx for the reply and taking the time Fred, or Mr. Brown, or Yo D ;)

No problem ;)

After that downloaded maxlook, saved to downloads folder,

I need you to download and run it to your Desktop. Please delete the copy you have in 'Downloads'. Then, please download a new copy, and go through the procedure again, and post the log it creates ;)

We'll worry about Avast and the rest of that in time- right now, let's get Maxlook where it should be and we'll take it from there :)

Also, for future reference, please include the logs as posts rather than as attachments- it makes it easier for me to read them that way.

Link to post
Share on other sites

Deleted everything from the desktop and from downloads, all maxlook, maxhandle, combo, tdsskiller files. Did a restart, downloaded maxhandle to desktop, run it, no log "nothing found".

Downloaded maxlook to desktop, run it straight, and did not found anything, also did not asked me to restart to recovery console. Just "press a button" to close it.

Did a restart despite of it to the console, tried to run the batch look.bat command, "system could not find the file or directory specified". Exit to system and writing this reply now ;)

Link to post
Share on other sites

Deleted everything from the desktop and from downloads, all maxlook, maxhandle, combo, tdsskiller files.

We're not done with those programs - please restore ComboFix and TDSSKiller. I'll let you know when its necessary to delete files and such. In this case, only maxlook needed to be deleted and re-ran, the rest were fine.

Next, please do the following:

Please go to Start > Run and type:

maxlook -sig

and hit Enter.

Note:

Be sure that you have internet connection. Please post back with the logfile which will open in notepad.

Link to post
Share on other sites

maxlook logfile:

Run from C:\Documents and Settings\Maria\Desktop\maxlook.exe on 21/07/2011 at 23:35:10.31

--------- maxlook unsigned files ---------

c:\windows\maxdrive\cercsr6.sys:
Verified: Unsigned
File date: 18:29 21/12/2004
Publisher: Adaptec, Inc.
Description: DELL CERC SATA1.5/6ch Miniport Driver
Product: Dell RAID Controller
Version: 4.1.0.7405
File version: 4.1.0.7405
c:\windows\maxdrive\netbios.sys:
Verified: Unsigned
File date: 08:00 14/04/2008
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cercsr6.sys:
Verified: Unsigned
File date: 18:29 21/12/2004
Publisher: Adaptec, Inc.
Description: DELL CERC SATA1.5/6ch Miniport Driver
Product: Dell RAID Controller
Version: 4.1.0.7405
File version: 4.1.0.7405
c:\windows\system32\drivers\netbios.sys:
Verified: Unsigned
File date: 08:00 14/04/2008
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
c:\windows\system32\drivers\sptd.sys:
Verified: Error accessing file
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a

Link to post
Share on other sites

Please navigate to the following folder (in bold):

c:\windows\system32\drivers\

Please locate the following file(s):

netbios.sys

Highlight them, Right-Click and select Copy.

Then, navigate to your Desktop and Paste them there.

After you have pasted them to your Desktop, please navigate to http://www.virustotal.com/

Click Browse and choose the following file to upload:

c:\documents and settings\Maria\Desktop\netbios.sys

Then, please copy and paste the report it creates here for me to see ;)

Link to post
Share on other sites

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 58f7421393048c12b2f8f2fde5246375

Date first seen: 2011-07-16 15:25:02 (UTC)

Date last seen: 2011-07-16 15:25:02 (UTC)

Detection ratio: 0/43

What do you wish to do?

Reanalyse View last report

;)

Link to post
Share on other sites

Reanalyze results of the same file, if needed:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: netbios.sys

Submission date: 2011-07-21 22:39:20 (UTC)

Current status: finished

Result: 12/ 43 (27.9%)

VT Community

not reviewed

Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.07.22.00 2011.07.21 -

AntiVir 7.11.12.48 2011.07.21 TR/Gendal.kdv.295772

Antiy-AVL 2.0.3.7 2011.07.21 -

Avast 4.8.1351.0 2011.07.21 Win32:Alureon-AGH [Rtk]

Avast5 5.0.677.0 2011.07.21 Win32:Alureon-AGH [Rtk]

AVG 10.0.0.1190 2011.07.22 -

BitDefender 7.2 2011.07.22 Trojan.Generic.KDV.295821

CAT-QuickHeal 11.00 2011.07.21 -

ClamAV 0.97.0.0 2011.07.21 -

Commtouch 5.3.2.6 2011.07.21 -

Comodo 9463 2011.07.22 -

DrWeb 5.0.2.03300 2011.07.22 Trojan.Packed.2221

Emsisoft 5.1.0.8 2011.07.21 -

eSafe 7.0.17.0 2011.07.21 -

eTrust-Vet 36.1.8457 2011.07.21 -

F-Prot 4.6.2.117 2011.07.20 -

F-Secure 9.0.16440.0 2011.07.22 Trojan.Generic.KDV.295821

Fortinet 4.2.257.0 2011.07.21 -

GData 22 2011.07.22 Trojan.Generic.KDV.295821

Ikarus T3.1.1.104.0 2011.07.21 -

Jiangmin 13.0.900 2011.07.21 -

K7AntiVirus 9.108.4933 2011.07.21 -

Kaspersky 9.0.0.837 2011.07.21 Rootkit.Win32.TDSS.fe

McAfee 5.400.0.1158 2011.07.22 -

McAfee-GW-Edition 2010.1D 2011.07.21 -

Microsoft 1.7104 2011.07.21 -

NOD32 6314 2011.07.22 a variant of Win32/Sirefef.CL

Norman 6.07.10 2011.07.21 -

nProtect 2011-07-21.01 2011.07.21 -

Panda 10.0.3.5 2011.07.21 Trj/CI.A

PCTools 8.0.0.5 2011.07.21 -

Prevx 3.0 2011.07.22 -

Rising 23.67.03.03 2011.07.21 -

Sophos 4.67.0 2011.07.22 -

SUPERAntiSpyware 4.40.0.1006 2011.07.21 -

Symantec 20111.1.0.186 2011.07.22 -

TheHacker 6.7.0.1.259 2011.07.21 -

TrendMicro 9.200.0.1012 2011.07.21 TROJ_KRYPTIK.SMP

TrendMicro-HouseCall 9.200.0.1012 2011.07.22 TROJ_KRYPTIK.SMP

VBA32 3.12.16.4 2011.07.21 -

VIPRE 9923 2011.07.21 -

ViRobot 2011.7.21.4581 2011.07.21 -

VirusBuster 14.0.133.0 2011.07.21 -

Additional informationShow all

MD5 : 58f7421393048c12b2f8f2fde5246375

SHA1 : 686770cea8fcb4fdb8eec3fd94030c610ae98346

SHA256: 76cb70186a4689c63034cc1b784aac2a60ead99adbf0b719c57c41ee151e2aec

Link to post
Share on other sites

Don't worry about it - Daemon was using it so that verifies that its safe ;)

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    netbios.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

The scan result:

SystemLook 04.09.10 by jpshortstuff

Log created at 07:22 on 22/07/2011 by Maria

Administrator - Elevation successful

========== filefind ==========

Searching for "netbios.sys"

C:\WINDOWS\maxdrive\netbios.sys --a---- 34688 bytes [07:00 14/04/2008] [07:00 14/04/2008] 58F7421393048C12B2F8F2FDE5246375

C:\WINDOWS\system32\dllcache\netbios.sys --a--c- 34688 bytes [07:00 14/04/2008] [07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0

C:\WINDOWS\system32\drivers\netbios.sys --a---- 34688 bytes [07:00 14/04/2008] [07:00 14/04/2008] 5D81CF9A2F1A3A756B66CF684911CDF0

-= EOF =-

RPCMINER and PHOENIX might relate to something called bitcoinminig. Never heard about it. UFA has 1 executable in it only. No idea what it does, might get rid of it ;)

Link to post
Share on other sites

Run aswMBR now, here is the log if it helps:

run it yesterday late evening and it found netbios.sys infected.

aswMBR version 0.9.8.945 Copyright© 2011 AVAST Software

Run date: 2011-07-22 07:48:39

-----------------------------

07:48:39.125 OS Version: Windows 5.1.2600 Service Pack 3

07:48:39.125 Number of processors: 1 586 0xD08

07:48:39.125 ComputerName: MARIA UserName: Maria

07:48:39.500 Initialize success

07:48:51.359 AVAST engine defs: 11072101

07:48:56.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

07:48:56.062 Disk 0 Vendor: WDC_WD400VE-75HDT1 11.07D11 Size: 38154MB BusType: 3

07:48:56.078 Disk 0 MBR read successfully

07:48:56.093 Disk 0 MBR scan

07:48:56.156 Disk 0 Windows XP default MBR code

07:48:56.156 Disk 0 scanning sectors +78124095

07:48:56.250 Disk 0 scanning C:\WINDOWS\system32\drivers

07:49:07.000 Service scanning

07:49:08.062 Modules scanning

07:49:14.343 Disk 0 trace - called modules:

07:49:14.359 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spui.sys hal.dll >>UNKNOWN [0x89bbc938]<<

07:49:14.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bfbab8]

07:49:14.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89b3fd98]

07:49:15.312 AVAST engine scan C:\WINDOWS

07:49:21.296 AVAST engine scan C:\WINDOWS\system32

07:50:54.953 File: C:\WINDOWS\system32\searchindexer.exe **INFECTED** Win32:Patched-WQ [Trj]

07:51:27.281 AVAST engine scan C:\WINDOWS\system32\drivers

07:51:40.968 AVAST engine scan C:\Documents and Settings\Maria

07:56:40.187 File: C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player (1).exe **INFECTED** Win32:Kryptik-DUA [Trj]

07:56:40.437 File: C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player.exe **INFECTED** Win32:Kryptik-DUA [Trj]

07:56:51.140 AVAST engine scan C:\Documents and Settings\All Users

07:57:32.750 Scan finished successfully

08:09:52.312 Disk 0 MBR has been saved successfully to "F:\Todesktoplog\MBR.dat"

08:09:52.343 The log file has been saved successfully to "F:\Todesktoplog\aswMBR.txt"

Link to post
Share on other sites

UFA has 1 executable in it only. No idea what it does, might get rid of it ;)

You don't have to, we'll take care of it with ComboFix ;)

First,

BackupYour Registry with ERUNT

  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe

-------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\windows\l1rezerv.exe

c:\windows\systemup.exe

c:\windows\sysdriver32_.exe

c:\windows\sysdriver32.exe

C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player.exe

C:\Documents and Settings\Maria\My Documents\Downloads\Flash-Player (1).exe

C:\WINDOWS\system32\searchindexer.exe

Folder::

c:\windows\ufa

Driver::

SRVIECHECK

SRVSYSDRIVER32

srvbtcclient

Fcopy::

C:\WINDOWS\system32\dllcache\netbios.sys | C:\WINDOWS\system32\drivers\netbios.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sysdriver32.exe"=-

"sysdriver32_.exe"=-

"systemup"=-

"l1rezerv.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Link to post
Share on other sites

End result looks good so far. After completing the above process, and last restart, reinstalled malwarebytes, updated, run it, found 4 objects, removed, and it does look like the PC is clean now, lets wait a day or 2 and try a few things to see if there is any weird behaviour.

Uninstalled Avast completely before started, and now running an AVG scan.

Logs: combofix 1st, than the malwarebytes log.

Thx for your time and help to get rid of whatever was hiding in this system, could not do it alone ;)

CombofixTXTlog:

ComboFix 11-07-22.02 - Maria 22/07/2011 20:07:39.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1619 [GMT 1:00]

Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Maria\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\documents and settings\Maria\My Documents\Downloads\Flash-Player (1).exe"

"c:\documents and settings\Maria\My Documents\Downloads\Flash-Player.exe"

"c:\windows\l1rezerv.exe"

"c:\windows\sysdriver32.exe"

"c:\windows\sysdriver32_.exe"

"c:\windows\system32\searchindexer.exe"

"c:\windows\systemup.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Maria\My Documents\Downloads\Flash-Player (1).exe

c:\documents and settings\Maria\My Documents\Downloads\Flash-Player.exe

c:\windows\system32\searchindexer.exe

c:\windows\ufa

c:\windows\ufa\ufa.exe

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\netbios.sys --> c:\windows\system32\drivers\netbios.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_WSearch

-------\Service_WSearch

.

.

((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))

.

.

2011-07-21 22:35 . 2010-10-12 11:56 220024 ----a-w- c:\windows\sigcheck.exe

2011-07-21 20:11 . 2011-07-21 20:11 -------- d--h--w- c:\windows\PIF

2011-07-21 19:50 . 2011-07-21 19:50 -------- d-----w- c:\documents and settings\Maria\Application Data\URSoft

2011-07-21 19:50 . 2011-07-21 21:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-21 19:50 . 2011-07-21 19:50 -------- d-----w- c:\program files\Your Uninstaller! 7

2011-07-21 19:28 . 2011-07-21 19:33 -------- d-----w- c:\windows\maxdrive

2011-07-21 19:23 . 2011-07-07 12:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-21 19:23 . 2011-05-17 11:48 423288 ----a-w- c:\windows\handle.exe

2011-07-20 18:51 . 2011-07-20 19:12 -------- d-----w- C:\Combo-Fix

2011-07-20 17:52 . 2011-07-20 17:52 -------- d-----w- c:\documents and settings\Maria\Application Data\Malwarebytes

2011-07-20 17:52 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-20 17:52 . 2011-07-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-20 17:52 . 2011-07-20 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-20 17:52 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 10:23 . 2011-07-20 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-07-20 10:22 . 2011-07-20 10:27 -------- d-----w- c:\program files\Security Task Manager

2011-07-19 14:52 . 2011-07-19 14:52 -------- d-----w- c:\windows\rpcminer

2011-07-19 14:52 . 2011-07-19 14:52 -------- d-----w- c:\windows\phoenix

2011-07-19 14:52 . 2011-07-20 11:02 246272 ----a-w- c:\windows\unrar.exe

2011-07-19 14:44 . 2011-07-19 14:44 -------- d-----w- c:\windows\av_ico

2011-07-19 14:42 . 2011-07-19 14:42 -------- d--h--w- c:\windows\update.tray-7-0

2011-07-06 19:17 . 2011-07-06 19:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-05 22:50 . 2011-07-05 22:50 -------- d-----w- C:\found.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-04 11:43 . 2010-12-04 02:41 40112 ----a-w- c:\windows\avastSS.scr

2011-06-02 14:02 . 2011-02-11 01:36 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2010-12-04 10:09 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 07:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 07:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2011-02-11 01:34 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2008-04-14 07:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-21_20.22.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-22 19:13 . 2011-07-22 19:13 16384 c:\windows\temp\Perflib_Perfdata_378.dat

+ 2011-07-22 18:46 . 2011-07-22 18:46 262144 c:\windows\system32\config\systemprofile\NtUser.dat

+ 2011-07-22 18:55 . 2011-07-22 18:55 229376 c:\windows\ERDNT\22-07-2011\Users\00000002\UsrClass.dat

+ 2011-07-22 18:55 . 2005-10-20 11:02 163328 c:\windows\ERDNT\22-07-2011\ERDNT.EXE

+ 2011-07-22 18:55 . 2011-07-22 18:55 4923392 c:\windows\ERDNT\22-07-2011\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2010-10-18 12:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]

"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Maria\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableSecureUIAPaths"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"DisableThumbnailCache"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\ICQ7.2\\ICQ.exe"=

"c:\\Program Files\\ICQ7.2\\aolload.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Documents and Settings\\Maria\\Desktop\\Games\\Stronghold Crusader\\Stronghold Crusader.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\update.tray-7-0\\svchost.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/12/2010 17:17 691696]

S0 cerc6;cerc6; [x]

S3 cpuz135;cpuz135;\??\c:\docume~1\Maria\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Maria\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]

S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [02/04/2011 19:57 428160]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-1606980848-1003Core.job

- c:\documents and settings\Maria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-13 02:41]

.

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-1606980848-1003UA.job

- c:\documents and settings\Maria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-13 02:41]

.

2011-07-22 c:\windows\Tasks\User_Feed_Synchronization-{008EC0C9-0429-484A-81CE-1B3DE7A6972B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-22 20:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.Cdfs]

"ImagePath"="\*"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2848)

c:\windows\system32\WININET.dll

c:\documents and settings\Maria\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\stsystra.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-22 20:15:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-22 19:15

ComboFix2.txt 2011-07-21 20:25

ComboFix3.txt 2011-07-20 19:12

.

Pre-Run: 3,730,898,944 bytes free

Post-Run: 3,802,279,936 bytes free

.

- - End Of File - - 358540FE6FF9BD4D77A268E4DC8E0314

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/07/2011 20:37:45

mbam-log-2011-07-22 (20-37-45).txt

Scan type: Quick scan

Objects scanned: 144133

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Thx for your time and help to get rid of whatever was hiding in this system, could not do it alone ;)

No problem ;)

Your logs are looking better!

Before we move on, let's run some more scans to see if there's any traces left :):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-----------

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

Link to post
Share on other sites

Hi there, had to do a "remote access" to the laptop to run those 2 scans ;)

ESET onlinescan found 23 things there.

Bitdefender was run from chrome, and found another 4, no log from thatone.

Will get my hands on that laptop this weekend and see on my own.

ESET Log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=577eb158669a864f9ac6346ea83a43d6

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-07-24 09:54:59

# local_time=2011-07-24 10:54:59 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 1388 1388 0 0

# scanned=35393

# found=23

# cleaned=18

# scan_time=2229

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32.exe.vir Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\sysdriver32_.exe.vir Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\1291427402.sys.vir Win32/Sirefef.CL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdfs.sys.vir a variant of Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\ufa\ufa.exe.vir a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\update.2\svchost.exe.vir a variant of Win32/TrojanDownloader.Delf.QNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\update.5.0\svchost.exe.vir a variant of Win32/TrojanDownloader.Delf.QPN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060461.exe Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060462.exe Win32/TrojanDownloader.Delf.QCY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060464.exe a variant of Win32/TrojanDownloader.Delf.QNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060465.exe a variant of Win32/TrojanDownloader.Delf.QPN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP119\A0060596.sys a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060682.sys a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060704.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060705.exe a variant of Win32/BitCoinMiner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\maxdrive\netbios.sys a variant of Win32/Sirefef.CL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I

Link to post
Share on other sites

Let's try this ;)

Download Superantispyware

  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

----------

Please Launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

Hi, Im still here. Sister took the laptop away and is a complete antitalent. Cant install and run antivirus alone or find the logfiles, so need to be present on skype ;)

here is the superantispyware log, malwarebytes will follow tomorrow.

After scanning and sending me the logfile, did a restart, as the application requested.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 07/28/2011 at 09:06 PM

Application Version : 4.55.1000

Core Rules Database Version : 7478

Trace Rules Database Version: 5290

Scan type : Complete Scan

Total Scan Time : 00:36:07

Memory items scanned : 510

Memory threats detected : 0

Registry items scanned : 6985

Registry threats detected : 20

File items scanned : 13501

File threats detected : 265

Adware.Tracking Cookie

C:\Documents and Settings\Maria\Cookies\maria@2o7[1].txt

C:\Documents and Settings\Maria\Cookies\maria@doubleclick[2].txt

media.whosay.com [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]

s0.2mdn.net [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]

www.pornhub.com [ C:\Documents and Settings\Maria\Application Data\Macromedia\Flash Player\#SharedObjects\G4WR7PFJ ]

.atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

audit.median.hu [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adtech.de [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.eyewonder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.eyewonder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.xiti.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ru4.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ru4.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.inteletrack.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.inteletrack.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.star-advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornhub.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ads.trafficjunky.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ox-d.w00tmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.apmebf.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.weborama.fr [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.weborama.fr [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.clickfuse.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

tracking.vid4u.org [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adverticum.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.uk.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

uk.sitestat.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.specificclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adviva.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

tracking.dc-storm.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.e-2dj6wfkyegajkkp.stats.esomniture.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adtech.staticwhich.co.uk [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adtech.staticwhich.co.uk [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

tracking.dc-storm.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.paypal.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mochimedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

rts.pgmediaserve.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.www.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.partypoker.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad.velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad.velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.velmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.77tracking.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.pixeltrack66.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.pixeltrack66.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.go.evolutionmedia.bbelements.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.kantarmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.kantarmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.lfstmedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.www.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.www.rudefinder.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ar.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.chitika.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mm.chitika.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.aerlingus.122.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ads.audience2media.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

adserve.ink-publishing.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.server.cpmstar.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.192com.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.kontera.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adxpose.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

track.adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

track.adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adform.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediabrandsww.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.e-2dj6wdlycjajwhp.stats.esomniture.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.usatoday1.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.content.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

accounts.youtube.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

in.getclicky.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tracking.dsmmadvantage.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.avgtechnologies.112.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.find-fast-answers.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertise.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.liveperson.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

server.iad.liveperson.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www1.addfreestats.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.surveymonkey.122.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tribalfusion.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

w00tpublishers.wootmedia.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adserver.adtechus.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad-emea.doubleclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.bs.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

www.googleadservices.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.stats.paypal.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.2o7.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

bullfrog.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adtechus.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.azjmp.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.zedo.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adserving.cpxinteractive.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.tradedoubler.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.toplist.cz [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

sk.search.etargetnet.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.questionmarket.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.questionmarket.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.statcounter.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

adserv.brandaffinity.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

statse.webtrendslive.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.fastclick.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ehg-tfl.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.yieldmanager.net [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.content.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediaplex.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ehg-tfl.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.ehg-tfl.hitbox.com [ C:\Documents and Settings\Maria\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Adware.Zango/ShoppingReport

HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}

HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid

HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid32

HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib

HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib#Version

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version

Trojan.Agent/Gen-Nullo[short]

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2B6B7649-D3B9-459B-90C9-1706B14E78B8}\RP120\A0060856.EXE

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.