
Iedefender Help For Vista, Please?


  • This topic is locked
13 replies to this topic

#1 Mahou


Posted 17 November 2007 - 02:48 AM

Hello, last night I saw a popup (this is what it looks like: http://i15.photobucket.com/albums/a398/cheater969/Vir.jpg). Thinking nothing of it, I closed it and continued using IE. However, the popup is still appearing; it pops up every couple of minutes, and Google is now corrupted: searches go to a different search page featuring a faux error and a pornographic link, and searches including "iedefender" or "ie defender" lead to a blank page. I've searched around (with Yahoo) and found multiple solutions, but none of them have worked. IeDefender isn't on the program list, there's no folder for it in my Program Files, and the many files I'm told to delete from my system32 folder don't exist. Nothing has turned up in any of my virus software (Norton, Spybot, Ad-Aware, Windows Defender, SuperAntiSpyware). I'm just about to reformat my computer. Please help! I'm using Windows Vista Home Premium on an HP Pavilion dv2000t laptop, and I received the virus while using Firefox. Thanks!
Here's my HJThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:11 PM, on 17/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://serebii.net/index2.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\System32\PowerVideo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [eBayToolbar] "C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE" /F "C:\Windows\TEMP\E_SFA35.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series (Copy 1)] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE" /F "C:\Windows\TEMP\E_S4816.tmp" /EF "HKLM"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12645 bytes

Sorry about posting this in two forums, I decided I should post a log and felt it would need to go here.



#2 rookie147


Posted 30 November 2007 - 04:17 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 Mahou


Posted 04 December 2007 - 05:53 AM

I no longer get the pop-up (not sure if it's all gone), though I believe I have more problems: my entire computer is very slow now, and the other day I received a different pop-up about Malware. Here's my new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:15 PM, on 4/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://serebii.net/index2.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [eBayToolbar] "C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE" /F "C:\Windows\TEMP\E_SFA35.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series (Copy 1)] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE" /F "C:\Windows\TEMP\E_S4816.tmp" /EF "HKLM"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12891 bytes

#4 rookie147


Posted 04 December 2007 - 05:31 PM

Download Combofix to your Desktop.
Double-click combofix.exe.
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.



#5 Mahou


Posted 06 December 2007 - 12:01 AM

Alright, got it working...
ComboFix 07-12-02.6 - Gordon Smith 2007-12-06 16:03:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.297 [GMT 11:00]
Running from: C:\Users\Gordon Smith\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3
C:\Program Files\3\Mobile Broadband Modem Manager\DefaultMMM.ini
C:\Program Files\3\Mobile Broadband Modem Manager\Driver.ini
C:\Program Files\3\Mobile Broadband Modem Manager\MMModem.cnt
C:\Program Files\3\Mobile Broadband Modem Manager\MMModem.exe
C:\Program Files\3\Mobile Broadband Modem Manager\MMMODEM.HLP
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-01 09:20 . 2007-12-01 09:20 <DIR> d-------- C:\Program Files\Sony
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\System32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\System32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\System32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\System32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\System32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\System32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\System32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\System32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\System32\drivers\srtsp.inf
2007-11-29 15:45 . 2007-11-29 15:45 <DIR> d-------- C:\Program Files\MagicDVDRipper
2007-11-27 22:21 . 2007-11-27 22:21 <DIR> d-------- C:\N360_BACKUP
2007-11-26 16:24 . 2007-11-26 16:26 <DIR> d-------- C:\Program Files\Project64 1.6
2007-11-22 17:48 . 2006-03-24 06:32 127,488 --a------ C:\WINDOWS\nmwcd.sys
2007-11-18 21:09 . 2007-12-05 15:43 <DIR> d-------- C:\Users\Gordon Smith\AppData\Roaming\OpenOffice.org2
2007-11-18 21:04 . 2007-11-18 21:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-18 11:28 . 2007-11-18 11:28 <DIR> d-------- C:\Program Files\ExplorerXP
2007-11-18 11:27 . 2007-11-18 11:27 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2007-11-18 11:26 . 2007-11-18 11:26 <DIR> d-------- C:\Program Files\a-squared Free
2007-11-18 11:17 . 2005-01-14 01:41 11,254 --a------ C:\WINDOWS\System32\locate.com
2007-11-18 11:16 . 2007-11-18 11:17 <DIR> d-------- C:\ISeeYouXP
2007-11-18 11:07 . 2007-11-21 19:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-18 11:07 . 2007-11-21 19:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-17 22:16 . 2007-11-17 22:16 <DIR> d-------- C:\Users\Gordon Smith\AppData\Roaming\Download Manager
2007-11-17 22:16 . 2007-11-17 22:16 1,152 --a------ C:\WINDOWS\System32\windrv.sys
2007-11-17 20:36 . 2006-11-10 16:03 615,424 --a------ C:\WINDOWS\System32\themeui.dll
2007-11-17 20:09 . 2007-11-17 20:09 <DIR> d-------- C:\Program Files\CodeGazer
2007-11-17 19:21 . 2006-11-10 16:03 615,424 --a------ C:\WINDOWS\System32\themeui.dll.vgpat
2007-11-17 19:21 . 2007-11-17 20:13 615,424 --a------ C:\WINDOWS\System32\themeui.dll.vgorg
2007-11-17 19:21 . 2006-11-10 16:01 245,248 --a------ C:\WINDOWS\System32\shsvcs.dll.vgpat
2007-11-17 19:21 . 2007-11-17 20:13 245,248 --a------ C:\WINDOWS\System32\shsvcs.dll.vgorg
2007-11-17 19:21 . 2006-11-10 16:05 240,640 --a------ C:\WINDOWS\System32\uxtheme.dll.vgorg
2007-11-17 19:21 . 2007-11-17 20:13 240,640 --a------ C:\WINDOWS\System32\uxtheme.dll
2007-11-17 18:51 . 2007-11-17 18:51 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2007-11-17 15:41 . 2007-11-17 15:42 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-17 13:32 . 2007-11-17 13:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 10:12 . 2007-11-17 10:12 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-11-17 10:12 . 2007-11-17 10:12 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-11-17 10:11 . 2007-11-17 10:11 <DIR> d-------- C:\Users\Gordon Smith\AppData\Roaming\SUPERAntiSpyware.com
2007-11-17 10:11 . 2007-12-04 21:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 09:55 . 2007-11-17 09:55 0 --ah----- C:\ProgramData.LOG2
2007-11-17 09:55 . 2007-11-17 09:55 0 --ah----- C:\ProgramData.LOG1
2007-11-17 00:13 . 2007-11-18 11:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 23:57 . 2007-11-16 23:57 <DIR> d-------- C:\SiteAdvisor
2007-11-16 23:41 . 2007-11-16 23:41 <DIR> d-------- C:\Program Files\AskSBar
2007-11-16 23:34 . 2007-11-16 23:34 164 --a------ C:\install.dat
2007-11-16 23:32 . 2007-11-16 23:34 <DIR> d-------- C:\Users\Gordon Smith\AppData\Roaming\GetRightToGo
2007-11-16 23:21 . 2007-11-17 12:03 5,470 --a------ C:\WINDOWS\System32\tmp.reg
2007-11-16 16:55 . 2007-11-16 17:09 <DIR> d-------- C:\Program Files\myFairTunes
2007-11-15 03:01 . 2007-11-15 03:01 224,768 --a------ C:\WINDOWS\System32\drivers\usbport.sys
2007-11-15 03:01 . 2007-11-15 03:01 192,000 --a------ C:\WINDOWS\System32\drivers\usbhub.sys
2007-11-15 03:01 . 2007-11-15 03:01 73,216 --a------ C:\WINDOWS\System32\drivers\usbccgp.sys
2007-11-15 03:01 . 2007-11-15 03:01 38,400 --a------ C:\WINDOWS\System32\drivers\usbehci.sys
2007-11-15 03:01 . 2007-11-15 03:01 23,040 --a------ C:\WINDOWS\System32\drivers\usbuhci.sys
2007-11-15 03:01 . 2007-11-15 03:01 8,704 --a------ C:\WINDOWS\System32\hcrstco.dll
2007-11-15 03:01 . 2007-11-15 03:01 8,704 --a------ C:\WINDOWS\System32\hccoin.dll
2007-11-15 03:01 . 2007-11-15 03:01 5,888 --a------ C:\WINDOWS\System32\drivers\usbd.sys
2007-11-10 22:35 . 2007-11-10 22:35 <DIR> d-------- C:\EPSON SCAN_SPC1
2007-11-10 22:35 . 2006-10-13 00:00 61,952 --a------ C:\WINDOWS\System32\escwiad.dll
2007-11-06 23:18 . 2004-11-25 05:07 79,679 --a------ C:\WINDOWS\System32\E_FLMACP.DLL
2007-11-06 23:18 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\System32\E_FBCBACP.DLL
2007-11-06 23:18 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\System32\E_DCINST.DLL
2007-11-06 23:18 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\System32\E_FBCHACP.DLL
2007-11-06 23:16 . 2007-11-06 23:16 <DIR> d-------- C:\EPSON SCX3700

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 05:00 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\Orbit
2007-12-05 04:49 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-05 04:49 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-05 04:49 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-05 04:49 --------- d-----w C:\Program Files\Symantec
2007-12-01 06:46 --------- d-----w C:\Program Files\Orbitdownloader
2007-11-29 05:21 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\Roxio
2007-11-28 10:32 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\Nokia
2007-11-28 10:30 --------- d-----w C:\ProgramData\Installations
2007-11-22 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 05:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-18 10:02 --------- d-----w C:\Program Files\Java
2007-11-18 00:09 --------- d-----w C:\ProgramData\WholeSecurity
2007-11-18 00:09 --------- d-----w C:\ProgramData\Symantec
2007-11-18 00:08 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\yahoo!
2007-11-18 00:08 --------- d-----w C:\ProgramData\Yahoo! Companion
2007-11-17 04:06 --------- d-----w C:\Program Files\Norton 360
2007-11-16 05:58 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\Apple Computer
2007-11-16 03:54 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\SiteAdvisor
2007-11-14 16:01 --------- d-----w C:\Program Files\Windows Mail
2007-11-13 05:10 --------- d-----w C:\ProgramData\Roxio
2007-11-06 12:18 --------- d-----w C:\Program Files\EPSON
2007-11-04 02:42 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-04 02:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-04 02:42 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-04 02:41 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-04 02:41 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-04 02:41 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-04 02:41 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-04 02:41 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-04 02:41 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-04 02:41 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-04 02:41 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-04 02:41 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-04 02:41 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-04 02:41 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-04 02:41 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-04 02:41 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-04 02:41 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-03 14:08 --------- d-----w C:\ProgramData\PC Suite
2007-11-03 14:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-03 14:01 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-03 14:00 --------- d-----w C:\ProgramData\Downloaded Installations
2007-11-03 13:57 --------- d-----w C:\Program Files\DIFX
2007-11-03 13:56 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-03 08:32 --------- d-----w C:\ProgramData\Sonic
2007-11-03 08:23 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\ImgBurn
2007-11-03 08:20 --------- d-----w C:\Program Files\ImgBurn
2007-10-30 05:29 --------- d-----w C:\ProgramData\Apple Computer
2007-10-30 05:29 --------- d-----w C:\Program Files\iTunes
2007-10-30 05:28 --------- d-----w C:\Program Files\QuickTime
2007-10-29 01:09 --------- d-----w C:\Users\Gordon Smith\AppData\Roaming\PC Suite
2007-10-28 10:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-26 05:49 --------- d-----w C:\Program Files\Maxis
2007-10-23 13:22 --------- d-----w C:\Program Files\Apple Software Update
2007-10-23 13:21 --------- d-----w C:\ProgramData\Apple
2007-10-23 13:21 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-23 05:41 174 --sha-w C:\Program Files\desktop.ini
2007-10-23 05:38 --------- d-----w C:\Program Files\Windows Defender
2007-10-23 05:38 --------- d-----w C:\Program Files\Windows Calendar
2007-10-22 15:18 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-22 15:18 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-22 15:18 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-10-22 15:18 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-22 15:18 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-10-22 15:18 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-10-22 15:18 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-22 15:18 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-10-22 15:18 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-22 15:18 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-10-22 15:18 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-22 15:18 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-22 15:18 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-22 15:18 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-22 15:18 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-10-22 15:18 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-22 15:18 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-22 15:18 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-22 15:18 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-22 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-10-22 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-10-22 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-10-22 15:16 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-10-22 15:16 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-10-22 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-10-22 15:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-22 15:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-22 15:10 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-10-22 15:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-22 15:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-22 15:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-10-22 15:09 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-10-22 15:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-10-22 15:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-10-22 15:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-10-22 15:09 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-10-22 15:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-10-22 15:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-10-22 15:09 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-10-22 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-16 23:41 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-16 23:41 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-16 23:41 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 22:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:36]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 23:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-23 02:14]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 17:02]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 04:02]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 04:05]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 04:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-03 10:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 17:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-07 04:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-05 06:39]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-19 03:56]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-19 03:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-14 05:05]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-08-23 16:27]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 16:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"EPSON Stylus CX3700 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [2005-02-08 04:00]
"EPSON Stylus CX3700 Series (Copy 1)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [2005-02-08 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071127.001\IDSvix86.sys
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fff38163-7ff4-11dc-b5b2-001a6b72db30}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 16:06:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 16:07:27
.
--- E O F ---

Edited by Mahou, 06 December 2007 - 12:10 AM.


#6 rookie147

Posted 06 December 2007 - 04:43 PM

There are a few steps I want you to complete to try and resolve the slow down on your computer.
A whole host of reasons might account for this slow down, but I will highlight the most prominent ones below.
On most computers malware is the most common cause, but at the moment I do not think this is the case.
You might like to limit the programs that are loading when your computer starts; you might have unnecessary software loading when you boot your computer which is eating away at your CPU and ultimately slowing down your computer. Many programs install a quick launch feature which is not needed; if you want to use the program you can start it up manually. The easiest way to see whether a program is needed at startup is to use BleepingComputer's own list, which gives an indication of whether the program is required/optional etc. Note that essential processes such as those for your anti-virus or your modem must be kept.
So, firstly click on Start | Run and type msconfig. Then hit enter.
Click on the 'startup' tab and a list of programs will appear.
You can compare the startup name with those on the startup list. The link is below:
www.bleepingcomputer.com/startups
To stop a program loading at boot, just remove the tick.
Click 'OK', and choose to restart.

You might like to try and clear clutter off your computer, and free up some space on your hard drive.
Old games, unwanted photos and unused programs could be a starting point.
You can also clear clutter such as temporary files by doing the following:
Go to Start | Run.
Type the following in the box: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Next you can defragment your hard-drive ... when was the last time you did this?
Windows puts new files in any available open space and defragging will cluster files closer together making your hard drive more efficient. This saves wear and tear while speeding up programs.
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
5. This process takes quite a long time, so be patient.

You might also like to read the following tutorial as additional information to the above:
These self-help instructions can be found here

Also try running the Windows repair facility:
Go to Start | Run and type in sfc.exe /scannow and press enter. It may ask for your XP Installation CD. Once it's done, please visit Windows Update to ensure that you've got the latest hotfixes and updates (sfc.exe replaces system files when it runs).

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

I'd like to see the Panda log in your next reply, along with some information about whether your computer has sped up at all. I would also like some more detailed descriptions of the pop-ups you receive- how often, what for?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
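The startup review described in the post above, applied to Run-key lines from the ComboFix log posted earlier in this thread. This is an added example, not part of the original posts and not ComboFix's own code. The flagging rules, the function names and the `Updater` line are assumptions made for illustration; a flagged name still has to be looked up in the startup list before it is unticked.

```python
import re
from collections import Counter

# Lines copied from the ComboFix log posted earlier in this thread.
THREAD_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 22:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-23 02:14]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 04:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 16:59]
"EPSON Stylus CX3700 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [2005-02-08 04:00]
"EPSON Stylus CX3700 Series (Copy 1)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [2005-02-08 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
'''

# Constructed line (NOT from the thread) so the user-writable rule has a hit.
CONSTRUCTED = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\Users\Example\AppData\Roaming\updater.exe" [2007-11-17 22:16]
'''

SAMPLE_LOG = THREAD_EXCERPT + CONSTRUCTED

HEADER = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]*)\]$')

# Only the keys that feed the msconfig Startup tab are of interest here.
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Assumed heuristic: locations a standard user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")


def parse_run_entries(log_text):
    """Return one dict per autostart value found under a Run/RunOnce key."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            key = header.group("key")
            # Entries under any other key (BHOs, hooks, ...) are skipped.
            current_key = key if key.lower().endswith(RUN_KEY_SUFFIXES) else None
            continue
        entry = ENTRY.match(line)
        if entry and current_key:
            entries.append({"key": current_key, **entry.groupdict()})
    return entries


def review(entries):
    """Return (entry, reasons) pairs for entries worth checking first."""
    path_counts = Counter(e["path"].lower() for e in entries)
    flagged = []
    for e in entries:
        path = e["path"].lower()
        reasons = []
        if not e["stamp"]:
            reasons.append("no file timestamp in log")
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            reasons.append("runs from a user-writable location")
        if path_counts[path] > 1:
            reasons.append("same executable registered %d times" % path_counts[path])
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    print("%d autostart entries parsed" % len(found))
    for entry, reasons in review(found):
        print("CHECK  %-40s %s" % (entry["name"], "; ".join(reasons)))
        print("       %s" % entry["path"])
```

Entries that are not flagged are not thereby cleared; the rules only order the list for the manual comparison against the startup database.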


#7 Mahou

Posted 07 December 2007 - 12:42 AM

Thanks so much, but the system is now quicker than before, I'm in the clear now, thanks! Also, I no longer receive any popups.

EDIT: Now my computer's slower again, I cannot scan with Panda as it doesn't support Vista, I'll be attempting the other methods you mentioned.

Edited by Mahou, 07 December 2007 - 07:42 AM.


#8 rookie147

Posted 07 December 2007 - 12:46 PM

Sorry, I forgot that Panda wasn't compatible with Vista. Try running this scanner from Panda instead, it should work:

Nanoscan

Check the Full scan option.
Then click on the large Scan now button.
If a security warning appears, click on Install to load TotalScan.
Note: You may get a message from your antivirus saying that the website is infected, please ignore it.
Wait for the scan to load and update.
Inputting your email address is optional, you can simply skip it if you do not wish to participate.
Let the scan run; it will probably take a while to complete.
Once it's completed, click on the Save button.
Place the file somewhere where you can easily find it, like your Desktop.

I'd like to see the contents of the generated report in your next post.

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 Mahou

Posted 07 December 2007 - 08:08 PM

Alright, scan's done, as is defragmenting, here's the log-
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-08 12:06:43
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 2007 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\HP\BIN\KillIt.exe
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\gordon_smith@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\gordon_smith@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Gordon Smith\Desktop\FixIEDef\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Gordon Smith\Desktop\Anti-Virus\SmitfraudFix\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\gordon_smith@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@mediaplex[2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@mysearch[2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\gordon_smith@mysearch[1].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.mysearch.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.mysearch.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.mysearch.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.ccbill.com/]
00156964 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@112.2o7[2].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.kinghost.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordon_smith@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Microsoft\Windows\Cookies\gordon_smith@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.yadro.ru/]
00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.gangbangsquad.com/]
00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.gangbangsquad.com/]
00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.gangbangsquad.com/]
00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.gangbangsquad.com/]
00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No C:\Users\Gordon Smith\AppData\Roaming\Mozilla\Firefox\Profiles\cqdvm1ts.default\cookies.txt[.gangbangsquad.com/]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Users\Gordon Smith\Desktop\Anti-Virus\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Users\Gordon Smith\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Users\Gordon Smith\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Users\Gordon Smith\Desktop\Anti-Virus\SmitfraudFix\Reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#10 rookie147

Posted 08 December 2007 - 04:41 PM

The log looks clean to me, are things running okay - apart from being slow?

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 Mahou

Posted 08 December 2007 - 04:53 PM

Yes, everything else is fine, I suppose the system just needs a clean up, thanks!

#12 rookie147

Posted 09 December 2007 - 12:05 PM

Great job! Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

Set your system to not show all files.
  • Navigate to Start | My Computer | Tools | Folder Options.
  • Select the View tab. Under the "Hidden Files and Folders" heading, select "Do not show hidden files and folders".
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programmes:
  • Ad-Aware SE: A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
  • Spybot-Search & Destroy: A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
  • SpywareBlaster: A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place.
Thanks and happy computing,
Charles



#13 Mahou

Posted 10 December 2007 - 12:25 AM

Thank you so very much, I've never been so grateful, you are an amazing person, let alone an amazing site! This thread can be closed if you'd like.

#14 rookie147

Posted 10 December 2007 - 02:54 AM

You're very welcome, thank you for the kind words.
Since this issue appears to be resolved, this topic is now closed.
