PUM.Bad.Proxy / Registry Value Infected

Solved PUM.Bad.Proxy / Registry Value Infected

Post by Vista on 20th November 2011, 1:47 am

I was having a problem with computer freezing and at the time it did not have a virus. I was getting help in another forum. Now I have a virus and scanned with Malwarebytes. They advised me to get help with this problem before proceeding. Please advise. Thank you.

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 8197

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

11/19/2011 8:33:36 PM
mbam-log-2011-11-19 (20-33-36).txt

Scan type: Quick scan
Objects scanned: 157617
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by Superdave on 20th November 2011, 6:15 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  * Close browsers before scanning
  * Scan for tracking cookies
  * Terminate memory threats before quarantining

  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  * Click Preferences. Click the Statistics/Logs tab.
  * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  * It will open in your default text editor (preferably Notepad).
  * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
**********************************************************
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]. Then post your DDS logs. (DDS.txt and Attach.txt)

Post by Vista on 21st November 2011, 12:24 am

I am probably not supposed to do this on one thread but I am trying to scan both of my laptops....while I am sitting here. The one that had the problem (Dell Vostro 1500 / Vista) has 5 threats so far... but I am having trouble scanning because there is another problem involved.
The other one, Dell Latitude D600/ Windows XP which to my surprise has 362 threats. The Latitude does not open a notepad automatically like instructed after the scan is done. I looked in Notepad to see if the log was there but it was not. How can I get this to open like it should? Thank you!

Post by Superdave on 21st November 2011, 1:26 am

Please run the scan on one computer only. It's too confusing to try to clean both in the same thread.

Post by Vista on 21st November 2011, 2:57 am

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19154
Run by samara at 21:54:32 on 2011-11-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1494 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Verizon SMB Toolbar: {a057a204-bacc-4d26-dfc4-79a09bf76bc9} - c:\progra~1\vzsmbtb\vzsmbtb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: Verizon SMB Toolbar: {a057a204-bacc-4d26-dfc4-79a09bf76bc9} - c:\progra~1\vzsmbtb\vzsmbtb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18B47DAD-4987-40DC-94F6-ED33FB4887AF} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F9F4116B-452C-4C14-99FD-80A8579E3DFC} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-17 21504]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-20 23:08:17 -------- d-----w- c:\users\samara\appdata\roaming\SUPERAntiSpyware.com
2011-11-20 22:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-20 22:39:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-18 03:05:47 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-11-14 01:45:43 -------- d-sh--w- C:\found.004
2011-11-11 23:55:17 -------- d-----w- c:\users\samara\appdata\roaming\B9B9C
2011-11-11 23:42:15 -------- d-----w- c:\program files\B9B9C
2011-11-11 23:41:05 -------- d-----w- c:\users\samara\appdata\roaming\46AB9
2011-11-11 23:41:05 -------- d-----w- c:\program files\LP
2011-11-09 23:20:43 -------- d-sh--w- C:\found.003
2011-11-09 18:28:19 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef06b72f-5061-4ae1-9bdf-28514415b6d4}\mpengine.dll
2011-11-09 18:22:22 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:22:21 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 18:22:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-25 18:14:18 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:56:02.24 ===============

Post by Vista on 21st November 2011, 2:58 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/16/2007 10:42:03 AM
System Uptime: 11/20/2011 9:40:09 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0NX907
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 108.877 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1519: 11/9/2011 1:22:39 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Broadcom Management Programs
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell Driver Download Manager
Dell Network Assistant
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Epson Easy Photo Print 2
EPSON NX100 Series Printer Uninstall
EPSON Scan
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IntelliMover
Java(TM) SE Runtime Environment 6
Kaspersky Internet Security 2011
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
OutlookAddinSetup
ParetoLogic Privacy Controls
Product Documentation Launcher
QuickSet
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Verizon SMB Toolbar
Walmart MP3 Music Downloads
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
.
==== End Of File ===========================

Post by Superdave on 21st November 2011, 8:05 pm

I would also like to see the SAS and Security Check logs.

Download [You must be registered and logged in to see this link.] to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

:Files

C:\found.004
C:\found.003

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**********************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Post by Vista on 22nd November 2011, 12:07 am

========== OTL ==========
========== FILES ==========
C:\found.004 folder moved successfully.
C:\found.003 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_190627

Post by Vista on 22nd November 2011, 12:47 am

ComboFix 11-11-21.01 - samara 11/21/2011 19:20:10.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1025 [GMT -5:00]
Running from: c:\users\samara\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\2994\27EE.tmp
c:\program files\LP\2994\66F3.tmp
c:\program files\LP\2994\D6D.tmp
c:\programdata\SPL18F2.tmp
c:\programdata\SPL2119.tmp
c:\programdata\SPL2179.tmp
c:\programdata\SPL236.tmp
c:\programdata\SPL3AB3.tmp
c:\programdata\SPL6385.tmp
c:\programdata\SPL6F38.tmp
c:\programdata\SPL989B.tmp
c:\users\samara\Documents\~WRL0004.tmp
c:\users\samara\Documents\~WRL0430.tmp
c:\users\samara\Documents\~WRL0928.tmp
c:\users\samara\Documents\~WRL1462.tmp
c:\users\samara\Documents\~WRL1608.tmp
c:\users\samara\Documents\~WRL2136.tmp
c:\users\samara\Documents\~WRL3999.tmp
c:\users\samara\Documents\~WRL4041.tmp
c:\users\samara\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\samara\AppData\Local\temp
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 00:06 . 2011-11-22 00:06 -------- d-----w- C:\_OTL
2011-11-20 23:08 . 2011-11-20 23:08 -------- d-----w- c:\users\samara\AppData\Roaming\SUPERAntiSpyware.com
2011-11-20 22:40 . 2011-11-20 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-20 22:39 . 2011-11-20 22:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-18 03:05 . 2007-06-29 09:22 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-11-11 23:55 . 2011-11-13 21:46 -------- d-----w- c:\users\samara\AppData\Roaming\B9B9C
2011-11-11 23:42 . 2011-11-21 01:54 -------- d-----w- c:\program files\B9B9C
2011-11-11 23:41 . 2011-11-13 21:58 -------- d-----w- c:\users\samara\AppData\Roaming\46AB9
2011-11-11 23:40 . 2011-11-11 23:40 -------- d-----w- c:\windows\Sun
2011-11-09 18:28 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF06B72F-5061-4AE1-9BDF-28514415B6D4}\mpengine.dll
2011-11-09 18:22 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:22 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 18:22 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 03:29 . 2011-11-06 03:29 -------- d-----w- c:\programdata\WindowsSearch
2011-10-25 18:14 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-14 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-14 19:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-14 19:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-14 19:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-14 19:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-14 19:22 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-14 19:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-14 19:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-14 19:22 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2009-08-05 01:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-14 19:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 19:21 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-14 19:21 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-14 19:21 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-25 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
backup=c:\windows\pss\Dell Network Assistant.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^samara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\users\samara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 09:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-10-10 00:56 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCJCATS]
2006-10-20 23:45 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-29 09:22 154392 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-29 09:22 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-29 09:22 133912 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-27 10:17 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-25 03:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-19 04:55]
.
2011-11-22 c:\windows\Tasks\User_Feed_Synchronization-{A4DF7D5A-A948-417C-8415-C702524E3D61}.job
- c:\windows\system32\msfeedssync.exe [2011-10-14 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-21 19:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-21 19:38:38
ComboFix-quarantined-files.txt 2011-11-22 00:38
ComboFix2.txt 2010-02-27 01:43
.
Pre-Run: 116,732,010,496 bytes free
Post-Run: 116,495,503,360 bytes free
.
- - End Of File - - E8CB5421758F35EF323268F7DB5E0235


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 22nd November 2011, 12:58 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 22nd November 2011, 1:59 am

Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) SE Runtime Environment 6
Adobe Reader 8 (Adobe Reader out of date!)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
Kaspersky Lab Kaspersky Internet Security 2011 klwtblfs.exe
``````````End of Log````````````


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 22nd November 2011, 9:46 pm

After about 15 min of scanning with Malwarebytes, the program stops. It does not finish scanning. Have to manually shut down. Do you think I can run Malwarebytes in Safe Mode, or can I do something else so that it will run longer? Please advise.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 22nd November 2011, 11:16 pm

Please try running MBAM in Safe Mode.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
*********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 25th November 2011, 7:03 pm

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8212

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

11/25/2011 10:08:50 AM
mbam-log-2011-11-25 (10-08-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 297242
Time elapsed: 53 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 25th November 2011, 9:20 pm

Unable to update Adobe.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found



Last edited by Vista on 25th November 2011, 9:35 pm; edited 1 time in total


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 25th November 2011, 9:33 pm

Unable to update Adobe.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 25th November 2011, 11:51 pm

Please tell me what's happening with your computer now.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 26th November 2011, 3:45 pm

I am having a problem with a white screen now. If I click on something too soon, the white screen pops up and says not responding. Before, if I would do that, the internet page would still be in the background and the screen would have a frosted look... not all white like it is now. Anyway, nothing would work. The cursor would just stay as an arrow or it would be the hourglass. The only thing I can do is shut it down manually. Not sure if this is part of this forum or another forum. Please advise.
I will scan the ESET scan now..... it does not seem to want to cooperate. I will have to try later.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 27th November 2011, 2:17 am

You could try this one.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 28th November 2011, 10:46 pm

Tried scanning with ESET but it just stopped scanning. The clock on the scan continued to move but the actual scan stopped. Then it went to the BLUE screen with white letters stating Windows had to shut down to protect further damage. Could not read the rest, it went so fast. Tried the Kaspersky scan but it just stopped scanning too. It seems it gets to a certain point... maybe 5-10 min, then it just stops. Not sure why it keeps doing that. Please advise.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 29th November 2011, 12:11 am

Let's run a few more scans to see what turns up.

Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan click save log, save it to your desktop and post in your next reply


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 29th November 2011, 2:33 am

I can get it to the desktop but a pop-up says Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 29th November 2011, 3:08 am

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
* [You must be registered and logged in to see this link.]
Once you've gotten one of them to run then try to immediately run ESET.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 29th November 2011, 2:51 pm

OK. Did the Rkill scan and then did the ESET scan and it only went to 5% scanning progress and then stopped. I have tried this several times after manually shutting down computer. It seems it gets to a certain point, then it crashes and the blue screen pops up stating (I think?):
Kernel Stack image error. Doesn't stay up long enough to read the whole thing.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 29th November 2011, 3:11 pm

It is scanning now ESET at 34% hopefully it will complete the scan since this is the farthest it ever went.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 29th November 2011, 4:37 pm

Well, after over an hour of scanning, ESET crashed again. Did Rkill again and the scan came up = processes terminated by RKill : c:\windows\System32\grpconv.exe
Let me think. Going to try to ESET scan again.
UPDATE: IT IS NOW 9:43 pm and I am still trying to ESET scan after all day. It does not seem to complete the scan. I am going to give up now. Can I try something else? Let me know your thoughts.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 30th November 2011, 7:33 pm

Please try the Kaspersky scanner.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 1st December 2011, 1:13 am

Kaspersky website link is invalid. Says 404 Error. Can I go to another site?


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 1st December 2011, 2:36 am

That's weird. Let's try this just to see if we can get something to work.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 2nd December 2011, 12:33 am

Malware did scan. Results are as follows.
Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8281

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/1/2011 1:07:23 AM
mbam-log-2011-12-01 (01-07-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 308987
Time elapsed: 1 hour(s), 53 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 2nd December 2011, 7:14 pm

Let's see if this will work.

Scan your computer with [You must be registered and logged in to see this link.]

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 4th December 2011, 3:29 am

Tried to scan the Panda Active Scan several times and it did scan to 25% and it showed 216 infected files. After that it froze up and had to shut down. Not sure what I should do next.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 4th December 2011, 6:39 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
• Then click on Scan at the top right-hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized, then click the button that says Neutralize all.
• If it says it cannot be neutralized, then choose the delete option when prompted.
• After that is done, click on the reports button at the bottom and save it to file; name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 5th December 2011, 10:13 pm

WOW!! Finally a full scan after a Safe Mode scan of Kaspersky AVP, which by the way did not show any threats at all. Below is Panda Scan. I think we had a breakthrough!!! I am so happy. Hooray!
Thank you for all your help!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-12-05 17:06:59
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 5th December 2011, 11:10 pm

Please give me an update. What's working and what's not working? Can you run any of the scans?


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 6th December 2011, 2:17 am

I just ran Kaspersky Virus Removal Tool and last time I checked it was at 75%. Then I checked again and it was running chk disc. Windows gave me this pop up below, but it seems to be running fine now. It is just slow starting up and Kaspersky has these pop ups now saying continue with installation and popups saying uninstall in a black screen, and it keeps saying low disk space when it is not.
Below is the Windows pop up:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: 1a
BCP1: 00000030
BCP2: 893E73E8
BCP3: A4D7E000
BCP4: 9B1F8158
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini120511-02.dmp
C:\Users\samara\AppData\Local\temp\WER-223752-0.sysdata.xml
C:\Users\samara\AppData\Local\temp\WER4172.tmp.version.txt


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 6th December 2011, 2:42 am

Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
StartupLite

Download [You must be registered and logged in to see this link.] to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 6th December 2011, 4:53 am

OK, I have completed the downloads and it seems to be running great.... until I installed IE9. I tried looking for it in the uninstall programs on the control panel but it was not there. Nor was the IE8 which I had before.
I would just like to go back to the IE8 like it was. How do I find it to uninstall? I do not know what I was thinking!
Thank you for all your hard work and it is greatly appreciated!!!
One last question please... when booting up it still takes long to get to the desktop. Which services or startup items do I omit so they do not load during start up? They are all checked now.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 6th December 2011, 8:39 pm

"until I installed IE9. I tried looking for it in the uninstall programs on the control panel but it was not there."
What happened with IE9?

"I would just like to go back to the IE8 like it was. How do I find it to uninstall? I do not know what I was thinking!"
You would be better off with IE9. Malware and viruses just love out-of-date programs.
If you really want to go back to IE8 [You must be registered and logged in to see this link.] how to do it.
Could you please try to run ESET or Kaspersky on-line scanner?

"One last question please... when booting up it still takes long to get to the desktop. Which services or startup items do i omit so they do not load during start up? They are all checked now."
How much time are we talking about? My XP computer needs at least 10 mins. before I really start working with it. All the upgrades start coming in at each boot and it really ties up the machine so I've gotten in the habit of turning it on about 15 mins. before I'm ready to use it.
If you followed the directions for StartUpLite it will do it automatically for you.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 7th December 2011, 3:07 pm

Well, I am back to square one. As I was getting on GeekPolice this morning, my Kaspersky found a virus. After that it went back to the same way it was acting before. I can not even do a Kaspersky Virus Scan in normal mode. I am doing it now in Safe Mode. Will get back with you after the scan.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 10th December 2011, 9:10 pm

Well, I gave in and let a computer friend of mine wipe it clean. It just was taking too long to fix and my daughter had to take it back to college. Thank you for all your help!!! Please mark this problem as solved.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 11th December 2011, 2:08 am

I'm sorry it had to come to that. Cleaning a computer on-line can be a lengthy process depending on the amount of infections.


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on 11th December 2011, 1:34 pm

One more question, Super Dave. My son came home from college yesterday and informed me his Dell Inspiron laptop w/ Vista will not work. When you boot it up a white screen comes up automatically.... can not even get it to Safe Mode. Also he said a computer guy at school wiped it clean for him and after that it did not work properly. My question finally is... which forum do I go to get this resolved or is it a hardware issue? Thanks again for all your help!!!! Thank You!


Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on 11th December 2011, 6:23 pm

[You must be registered and logged in to see this link.] wrote: One more question, Super Dave. My son came home from college yesterday and informed me his Dell Inspiron laptop w/ Vista will not work. When you boot it up a white screen comes up automatically.... can not even get it to Safe Mode. Also he said a computer guy at school wiped it clean for him and after that it did not work properly. My question finally is... which forum do I go to get this resolved or is it a hardware issue? Thanks again for all your help!!!! Thank You!
If it was re-formatted it could be something went wrong with the format or it could be a hardware issue. You could start a thread in the software forum to get started.
