Malwarebytes

Trojans just won't go away!

32 replies to this topic

#1
wontgo

    New Member

  • Members
  • 27 posts
Hi,

I would really appreciate your help as I am tempted to hit my laptop after downloading lots of programmes to help get rid of viruses which keep on coming back!

I have followed your instructions - done step 1 and 2. The Spybot S&D found one item: Virtumonde which it deleted.

MBAM log is below (only used this today), which could not remove one item: C:\users\admin\AppData\Local\Temp\cbxww.dll. When I restarted following the scan and delete, my system said it could not find the startup file with the same location as the unremovable item.

Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 189522
Time elapsed: 1 hour(s), 43 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7457a5c1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\admin\AppData\Local\Temp\lpjjxbly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\lufxbtkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\thgdpoyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\xpomwndv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\cbxww.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\admin\AppData\Local\Temp\vjmmgmwe.dll (Trojan.Agent) -> Quarantined and deleted successfully.

-----
Once I restarted following MBAM I noticed that my laptop wasn't faster as such but had less noise initially (still noisy after 5 mins). Spybot had fewer popups, but I know something could take it back to square one, so I am onto the next steps and will post those logs up.

I've given as much info as I can (the history):
My laptop used to work like lightning and so quiet until a few months ago when it caught something online; since then infections have been reoccurring.
I have McAfee Virusscan Enterprise 8.5i which is my anti-virus and use Windows Firewall as my firewall, plus I have Spybot and AdAware and Windows Defender. I find that McAfee scans take forever and I always do it in safe mode with no networking. Here is a brief summary of the results of a scan I did yesterday (ran after doing AdAware 2007 and SpyBot S&D):
08/04.2008 time taken: 6.38.55 scanned 3134124 detections 0. Although on a restart S&D did the usual of denying access to registry changes literally every second (the teatimer). This has been causing web browsing to be really hard and crash. Also I got popups in I.E. which usually would be both pages that would and would not display, even in firefox popups seem to crop up (albeit less occasionally).
The laptop is less than a year old!

The possibilities:
Your advice, and lastly I have ordered directly from HP a set of recovery discs just in case I do have to start all over and wipe the system (I sound like I know what I am doing but really I do not!). My friend said it's better to order them, as if I produced the recovery discs from my laptop it isn't factory standard (has virus).

#2
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests: would love to see some honesty around this site.
Hi wontgo and welcome to Malwarebytes. Looks like MBAM has got quite a lot. But I need to see some more scan logs to be sure.

Hi there, and welcome to

Please set your system to show all files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

If you haven't already, please get these programs, update and run a complete scan removing all items found.
Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

Please run a full scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply.

Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said.

Be patient and persistent. These things can take time and many procedures.

I know you have already done some of this. This is my canned message so please just pick up where you stopped with the Panda scan and a HiJack This! log.



#3
wontgo

    New Member

  • Members
  • Pip
  • 27 posts
Thanks, I have unhidden the files as directed and will do Hijack This scan and post lastly. Should I install and do an AVG scan as well as I thought I didn't need to? Whoops!

Here are the results from Panda and I really appreciate your help, for some reason I can't manage to get it very read friendly:

********************************************************************************
ANALYSIS: 2008-04-09 19:13:13
PROTECTIONS: 2
MALWARE: 64
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
AVG 7.5.516 7.5.516 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-02 190002\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-02 190002\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-02-23 120147\Backup files 7.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][searchportal.information.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atwola.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advancedcleaner[2].txt
02901046 Adware/SpyAxe Adware No 0 No No C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHK96QDV\webinst[1].cab[webinst.dll]
02903139 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\qoatubns.dll
02903141 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\mgescpns.dll
02903964 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ppvhdswc.dll
02903965 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kcsnsdma.dll
02903966 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yqmovgdy.dll
02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\cnlmtpdl.dll
02905017 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\phoifymc.dll
02905018 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\pvgaulne.dll
02905019 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\tjvqahqs.dll
02905020 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gfepioko.dll
02905021 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\astcnvcr.dll
02905027 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\rdwbfjer.dll
02905766 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\hwpugwxs.dll
02905766 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\naaarsyl.dll
02906744 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gndbtgja.dll
02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\nywbdqco.dll
02906745 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\umdwlqen.dll
02906746 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kmuamkul.dll
02907394 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\fkjqemia.dll
02907395 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\lqjnpnri.dll
02907397 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\dssdmnnf.dll
02907725 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ubswvdcc.dll
02907726 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ycexdlpw.dll
02908067 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\maqyjmod.dll
02908219 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\oylkurrx.dll
02908620 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\huoidrqv.dll
02908623 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\vbojtwih.dll
02909242 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\oeofadcj.dll
02909247 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\gawvuthw.dll
02909475 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\dwjmoxcv.dll
02910323 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\afjuisxo.dll
02910326 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\cnekjckj.dll
02910537 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\qsdkbour.dll
02910804 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\kcvacfhw.dll
02910852 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\haewmqnk.dll
02910852 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\tvoflbev.dll
02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\tvouynbm.dll
02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\phlxojki.dll
02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\lkuieakb.dll
02911849 Adware/PurityScan Adware No 0 Yes No C:\Users\admin\AppData\Local\Temp\qdgccgno.dll
02912162 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\aovtbutq.dll
02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\txtsrjof.dll
02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\mfveugis.dll
02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\ocxehbmg.dll
02912307 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yvnubuco.dll
02912783 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\admin\AppData\Local\Temp\yandkcnk.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Edited by JeanInMontana, 09 April 2008 - 06:42 PM.
remove code


#4
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
No, don't get AVG. I use a prepared speech and somehow missed editing out AVG and replacing it with MBAM. Did you empty the quarantine on MBAM before the Panda scan? I need the HJT log too. Please.

#5
wontgo

    New Member

  • Members
  • 27 posts
Ok I have done the HJT and here is the log, I'll await your help, thanks. I had this programme before but deleted it as being a bit too complex lol. I noticed that Panda said I have AVG but I deleted that a while ago, please let me know if I should download AVG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:59, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10480 bytes

#6
wontgo

    New Member

  • Members
  • 27 posts
No, I didn't empty the quarantine on MBAM. I've done that now and will rescan with Panda and then HJT, thanks.

#7
wontgo

    New Member

  • Members
  • 27 posts
Hi, here is my second time scan of Panda and then HJT after removing the quarantine in MBAM. Thanks again for all help:

PANDA:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-09 21:26:35
PROTECTIONS: 2
MALWARE: 65
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
AVG 7.5.516 7.5.516 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-09 190006\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-02-23 120147\Backup files 7.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-31 183803\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-03-25 141627\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No D:\CARLY-PC\Backup Set 2008-02-23 120147\Backup Files 2008-04-06 190004\Backup files 1.zip[C\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt][.anm.co.uk/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gbmkwo0j.default\cookies.txt[.anm.co.uk/]

#8
wontgo

This is the second HJT scan, run after removing the quarantine in MBAM. Thanks again for all the help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:57, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10389 bytes

#9
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
OK, you are not following the initial instructions; you need to turn off TeaTimer. This is a great tool but it can interfere with the procedures.

Open SB S&D
Click on the Tools section and then Resident.
You will see two items.
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck 2. Leave 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Did you scan with SBS&D? I'm sure it will remove all those tracking cookies Panda finds.

Be sure you disable TeaTimer before we move on.

Please do another MBAM scan after you update. Make sure it is set to scan all of C. Post that log and a new HJT please.


#10
wontgo

    New Member

  • Members
  • 27 posts
Ok, I wasn't able to do this yesterday at the start as the popups from the tea timer block notification came too quickly so I couldn't reach the menu option successfully. I think I may have a different SB S&D as I don't appear to have the tools menu even after running as administrator, but have a similar option which I have chosen by right clicking the SB Resident - S&D icon in the tray then unclicking resident protection but keeping Resident I.E. block all bad pages silently ticked and also using resident in I.E. ticked, use whitelists is also ticked. I tried to attach the two screenshots so that you have an idea of what I mean but I can't for some reason. Is this okay?

I did scan with spybot s&d yesterday before the panda scan but will do the spybot s&d scan again and then move onto MBAM and the HJT.

thanks.

#11
wontgo

    New Member

  • Members
  • 27 posts
Hi, here are my latest MBAM and HJT logs. My system seems like it is nearly there, as in I was using Firefox whilst doing the MBAM scan and it wasn't as slow. Following the MBAM scan I deleted those infections found inc. quarantine, thanks:

Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169104
Time elapsed: 1 hour(s), 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:49, on 10/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10109 bytes

#12
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
You have not disabled TeaTimer and MBAM did not take action on these items:

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.

Run HJT in scan only mode and put a check next to the following items and then click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


You do not need to run as admin to do what is needed in SBS&D. Look at the screen shots below, please, and disable TeaTimer.

Once you have disabled TeaTimer run a full scan of C again with MBAM and take action on all items found. Post the log from that scan please.

Exit all running programs and browsers and run HJT again. Post that log.

Attached Files



#13
wontgo

    New Member

  • Members
  • 27 posts
HJT fixed the four files following the scan only.

I then managed to disable the TeaTimer, thanks for the screenshots: I had to choose advanced options to display tools, settings etc. I had to do this as administrator - I have Windows Vista and it said I had to run it as administrator due to lack of permissions which it always states. Right following that I did MBAM scan (deleted all inc. quarantine for infections) here are the results (I had programmes running at that time).

Afterwards I exited and end tasked managed processing programmes so that they wouldn't run, I couldn't exit mcafee as the option for disabling it was unhighlightable if that makes sense lol (greyed out) and it wasn't on my end task manager processes screen.

So here are the MBAM and HJT logs, I hope I've done ok? After I exited programmes the system seemed to make a few adjusting sounds but I guess this is normal and there isn't that much risk as I wasn't browsing just HJT scanning?:

Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 168896
Time elapsed: 1 hour(s), 8 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:59, on 11/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9576 bytes
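The check done by eye across posts #11 to #13 (is TeaTimer still running, which orphaned entries are listed, what changed after the fix) can be scripted. This is an added example, not part of the thread or of HijackThis itself; the log excerpts are copied from lines posted above and every function name is hypothetical.

```python
import re

# Excerpt of the HijackThis log from post #11 (before the fix), lines copied from the thread.
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Excerpt of the log from post #13 (after the fix), same selection of lines.
AFTER = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def process_running(log_text, exe_name):
    """True if a running process path ends in the given executable name."""
    suffix = "\\" + exe_name.lower()
    return any(p.lower().endswith(suffix) for p in running_processes(log_text))


def is_orphan(code, body):
    """Entry that points at nothing: missing file, or an R0/R1 value left empty."""
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return True
    return code in ("R0", "R1") and body.endswith("=")


def review_candidates(log_text):
    """Orphaned entries worth a human look; a review list, not a fix list."""
    return [e for e in parse_entries(log_text) if is_orphan(*e)]


def compare(before_text, after_text):
    """Report what left the log, what appeared, and what is still flagged."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [e for e in before if e not in set(after)],
        "added": [e for e in after if e not in set(before)],
        "still_flagged": review_candidates(after_text),
    }


if __name__ == "__main__":
    print("TeaTimer running before:", process_running(BEFORE, "TeaTimer.exe"))
    print("TeaTimer running after: ", process_running(AFTER, "TeaTimer.exe"))
    for key, items in compare(BEFORE, AFTER).items():
        print(key)
        for code, body in items:
            print("   ", code, "-", body)
```

On these excerpts the comparison shows the nameless BHO, the nameless toolbar and the TeaTimer autostart gone from the later log, while the two empty R0 values and the O23 "(file missing)" service are still listed.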

#14
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
Ahh sorry about the advanced mode. I always run in that mode. AND Vista is just a PITA with the admin and permissions BS. Anyway looks like the offender is now taken care of with MBAM. How is the system running? Do you feel we have got you cleaned up? If so we have one final step.


Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

Also the full time protection from MBAM is offered at a very low price. See the trial link in my signature.

Edited by JeanInMontana, 12 April 2008 - 06:16 PM.
add information


#15
wontgo

    New Member

  • Members
  • 27 posts
Oh no problem, I know that my friend adores XP which I sort of miss on occasions.

Well my system seems to be running fine, it is definitely quieter and back to its usual speed I think. I do notice that when I am not doing anything on a webpage and just say reading it: the processing light still flashes every so often (maybe every 3-5 seconds) with a slight usual processing noise - is this ok? (I know it's hard to tell and I am probably just a bit paranoid now!).

The only other thing is that since all these fixes every time I turn on and login the following window pop up box comes up and I was wondering how you turn it off?:
Run DLL
C:\users\admin\AppData\Local\Temp\cbxww.dll
Error loading: the specified module could not be found


I will take your useful advice on buffing up with an additional firewall and getting AVG - I won't run these at the same time as McAfee and Windows firewall as I think that causes conflicts, right? Do you think that an additional scanner should be added too from your list?:
SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

I'll hold on before doing a system restore. Once I have done it, if I need to restore the system, is it best to use the restore I'll create from your help or use the set of recovery discs HP have sent (not received yet)?

Thanks for your help on this.

#16
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
Empty your temp files; that should get that. I never recommended AVG. Get a decent firewall and turn off Windows firewall. I didn't recommend any antivirus programs so there are no conflicts with using all of the programs I listed. Some of them are not running processes at all. Set a new system restore point so you don't use the old one that is infected. This is not the same as reformat. Start> Control Panel> System> System Restore tab. Put a check in turn off System Restore. Reboot and repeat the procedure on create a new restore point. Name it something you remember, like clean restore point and create it.

#17
wontgo

    New Member

  • Members
  • 27 posts
Hi, so sorry for the late reply, I've been quite busy with uni. Right so I have made some progress sorry for the AVG misunderstanding:

I have after scanning with spybot s&d, MBAM, then McAfee Enterprise Anti-virus done a system restore point yesterday as directed of the C and D drive. Note mbam did find 7 trojans which I removed and deleted from quarantine and mcafee was all clear. Also I did a HJT scan today (I installed microsoft updates last night) and the following has come back:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Should I delete these? Are they dangerous? I rescanned today with MBAM and no detections have been found.

I've downloaded the programmes for spyware protection minus hphosts which looks complex, and sitehound which didn't work when registering by failing to send login email details and I found it too in your face when browsing. Also unfortunately Online Armour is not compatible with Windows Vista. Have you any other firewall suggestions, e.g. Zone Alarm or Comodo? Is McAfee enough as my anti-virus (I find it so slow it took 6 hours to do a full system scan of the C and D drive)? I was tempted to download Avast Antivirus after reading a review - do you think this programme is any good? I guess I just want a faster anti-virus lol.

Oh another question, I did a system restore for both the D drive (the backup) and C drive, but I only put a check next to the c drive as not requiring a system restore point before restarting and creating it. I am a bit worried that the D Drive could potentially still have the virus though I am not sure. Should I uncheck the d drive system restore point and then create a system restore point like I did for the C Drive?

Finally, for a web browser I always use Firefox, but have I.E. just in case. I was thinking of using Opera as a web browser as I read a review about it being faster and more secure than Firefox and I.E. What is your opinion on the three?

#18
JeanInMontana

Hi again. School is important. Those two lines in HJT are not dangerous. hpHosts isn't that complex. It is a hosts file; basically you install it and forget it except for updates.

If SiteHound is in your face, it's doing its job. You got infected, remember? That infection may have come from a site you should not have gone to. McAfee is a resource hog for the most part and not the best choice for protection IMO. Avast is good, so is Avira Antivir; both have a free version, but you should never run two active AV programs at the same time.

Scan your D drive, this is the HP recovery drive, correct? If it comes up clean you should be fine. It can become infected.

Browsers, I use Firefox exclusively unless some site has not entered the 21st century and is not W3C compliant. Opera is not safer or faster. Bottom line you can get infected using any browser and any amount of protection. Prevention is the key and the majority of the items I list for users are prevention tools.

I posted about OA and Vista on the OA forums. I need more details please. Why do you say it won't work with Vista? I found plenty of posts on their forums to show it does. ZA and Comodo will do what you need, I don't like to suggest them because their ethics have slid to the dark side.

Let's see another scan with MBAM after update, do a full system both drives, and a new HJT log to be sure.


#19
wontgo

I haven't downloaded hphosts yet as I wanted to make sure that I just have to click the right one and then once downloaded the updates will come as part of the programme or do I have to keep going back to the website?

I haven't downloaded SiteHound as when I did previously, I registered twice but an error message said could not send message (with registration details) and then when I tried to create a new account it said email address already on system even though it said before that it could not send message - I uninstalled - I may get again but not sure as I've already given two email addresses and had no email with registration confirmation. Also when I was in Yahoo sending an email I couldn't even spell check as that button had been replaced with a SiteHound button saying not recognised or something! I wouldn't mind getting it if I could tweak it a bit so as not to interrupt Yahoo email spell check etc. Also when I was browsing today I clicked on what I thought was an innocent link which I thought would be about soap but instead it came up with this save file exe. which looked just like a virus - I end tasked it. I wouldn't mind SiteHound but not sure how to register! Unless I click forgotten details (I'll investigate further).

Thanks, I saw the post re: OA - I see it will be about a month for a Vista version so have downloaded and installed Comodo as it apparently doesn't hog so much. Comodo did a full system scan and in the beginning it kept flashing up with all these requests (some I just said block to as it said it wasn't sure etc and I didn't know what it was, others I thought OK, for instance outgoing connections that I thought was for my internet). Also the full scan it did came out clean.

Just to double check it's fine to have more than one anti-virus just not running at the same time - is that what you mean? If so I'll download Avast.

Also I have noticed that there are quite a few folders in my c drive that have been restricted - although I haven't changed any settings an error message of access denied comes up when I tried to access my music, my pictures and even folders within windows. I login with administrator rights so am a bit confused on how I can unblock all this for my use when I login as I have to keep going into an individual folder and editing the sharing option.


Right here are the logs - one virus on MBAM (oh yes the D drive is the backup and it scanned clean before the restore point) also I really would like advice on how to remove the Run DLL
C:\users\admin\AppData\Local\Temp\cbxww.dll / folder cmds that it found as Comodo and WinPatrol keep popping up stating that the file is trying to either be in my registry or start-up programmes list. Although I keep clicking remember decision and deny it (including delete on reboot) it just keeps on popping back (this was even after removing on MBAM).

MBAM:
Malwarebytes' Anti-Malware 1.11
Database version: 636

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170127
Time elapsed: 1 hour(s), 9 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:28, on 19/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10022 bytes

#20
JeanInMontana

You have two Antivirus running. Pick one or the other, McAfee or Symantec. Neither is a first choice IMO; both are resource hogs and don't do the best job. Avast is a better choice but you cannot run them all at the same time.

A hosts file is not a program. It adds a list of sites that are bad to the block list for safe surfing. Once you install it, yes you should do updates when they are made. However any protection already added is better than none.

That .dll is related to Vundo from what I find. So we will do this.


Please download VundoFix.exe
to your desktop. http://www.atribune..../click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
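
Added example, not part of any post in this thread: a small triage script that reads the `O4` autorun lines of a HijackThis log like the one posted above and flags entries such as `[cmds]`, where `rundll32.exe` loads a DLL from a Temp folder. The function names, the two heuristics and the assumption that Windows lives on `C:` are this example's own, not HijackThis behaviour.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis log posted in this thread (abridged).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\cbxww.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""


class Autorun(NamedTuple):
    hive: str      # e.g. HKCU or HKUS\S-1-5-19
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# "O4 - <hive>\..\Run: [name] command" (also RunOnce, RunServices, ...)
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First argument of rundll32 is the DLL, followed by ",EntryPoint"
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+?\.dll)', re.I)
# Locations any unprivileged process can write to
USER_WRITABLE = re.compile(r"\\(?:appdata|temp)\\|%(?:temp|tmp|appdata|localappdata)%", re.I)
# Assumption: Windows is installed on C:
SYSTEM_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Return every registry Run-key entry found in the log's O4 section."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(Autorun(m["hive"], m["name"], m["cmd"]))
    return entries


def review(entry: Autorun) -> List[str]:
    """Return the reasons (possibly none) why an autorun deserves a closer look."""
    reasons = []
    if USER_WRITABLE.search(entry.command):
        reasons.append("runs from a user-writable Temp/AppData path")
    m = RUNDLL.search(entry.command)
    if m:
        dll = m["dll"].lower()
        # A bare name (oobefldr.dll) resolves via the system search path; a full
        # path outside the Windows directory is unusual for rundll32 autoruns.
        if "\\" in dll and not dll.startswith(SYSTEM_PREFIXES):
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
    return reasons


def suspicious_autoruns(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    return [(e, r) for e in parse_autoruns(log_text) if (r := review(e))]


if __name__ == "__main__":
    for entry, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(f"{entry.hive} [{entry.name}] {entry.command}\n  -> " + "; ".join(reasons))
```

A flagged entry is a lead to check, not a verdict: the same value can be rewritten by a process that is still running, which matches the reappearing `cmds` entry described in the thread.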