Malware.Trace and Trojan.Vundo


brewski

Hello,

It appears I am experiencing the same problem as several other members (MBAM removes the keys, then they come back), with the addition of Firefox not connecting to the internet while IE does, as well as Norton 360 not opening/running.

Thanks in advance!

Here are my logs:

MBAM Log:

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 2

12/22/2008 8:32:36 PM

mbam-log-2008-12-22 (20-32-36).txt

Scan type: Quick Scan

Objects scanned: 72043

Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:46:43 PM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: nqvwry.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 10470 bytes

Panda Log:

;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-12-22 21:55:17

PROTECTIONS: 3

MALWARE: 41

SUSPECTS: 6

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Trend Micro PC-Cillin 2004 11.00 No Yes

Norton 360 8.2.0.81 No No

Norton Antivirus Internet Security 2008 No No

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.doubleclick.net/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tradedoubler.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tradedoubler.com/]

00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tribalfusion.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.mediaplex.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.mediaplex.com/]

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@mediaplex[1].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.yadro.ru/]

00167647 Cookie/Yadro TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.yadro.ru/]

00167704 Cookie/Xiti TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.xiti.com/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.xiti.com/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.toplist.cz/]

00167749 Cookie/Toplist TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.toplist.cz/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]

00167764 Cookie/Sextracker TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][counter7.sextracker.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.apmebf.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.burstnet.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.burstnet.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.burstnet.com/]

00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.burstnet.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.bs.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][www.burstbeacon.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[www.burstbeacon.com/]

00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]

00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]

00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]

00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adtech.de/]

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@server.iad.liveperson[1].txt

00168114 Cookie/onestat.com TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][stat.onestat.com/]

00168114 Cookie/onestat.com TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][stat.onestat.com/]

00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]

00169286 Cookie/Sextracker TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.sextracker.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]

00170554 Cookie/Overture TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.overture.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@realmedia[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]

00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]

00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]

00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]

00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]

00173520 Cookie/Bluestreak TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.bluestreak.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@adultfriendfinder[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.target.com/]

00207338 Cookie/Target TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.target.com/]

00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP104\A0015184.inf

00450804 Trj/Alureon.H Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP131\A0021582.exe

00450804 Trj/Alureon.H Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP131\A0021583.exe

00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP120\A0018173.dll

00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP120\A0018155.dll

00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP119\A0018142.dll

00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP119\A0018138.dll

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\WINDOWS\System32\nqvwry.dll

No C:\WINDOWS\system32\nqvwry.dll

No C:\Documents and Settings\Brian Farkas\Local Settings\Temporary Internet Files\Content.IE5\YZ8NQ5WN\setupxv[1].exe

No C:\Documents and Settings\Brian Farkas\My Documents\Downloads\Numark Cue v5.3-BEAN\patch.exe

No C:\WINDOWS\system32\nqvwry.dll

No C:\WINDOWS\system32\rqixejhw.dll

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

182048 HIGH MS07-069

176382 HIGH MS07-057

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164913 HIGH MS07-033

160623 HIGH MS07-027

150253 HIGH MS07-016

141030 HIGH MS06-072

137568 HIGH MS06-067

126083 HIGH MS06-042

120814 HIGH MS06-021

108742 MEDIUM MS06-006

;===============================================================================


  • Root Admin

Please note the Holidays are approaching and I may be unavailable for a couple days. Please be patient, I've not forgotten you and will resume assistance when I return.

Close down all applications and browsers, including the one you're reading this with so that the fixes can be completed.

Make sure your Desktop Doctor from Comcast does not block the changes either.

STEP 01

Start HJT and do a Scan only and place a check mark on the following items
  • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

  • O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll

  • O20 - AppInit_DLLs: nqvwry.dll

Then click on Fix checked

STEP 02

Please upload the following files for review here

C:\WINDOWS\system32\nqvwry.dll

C:\WINDOWS\system32\rqixejhw.dll

STEP 03

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.

  • From the drop-down menu, choose English and click on Select.

  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.

  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.

  • A logfile will pop up. Please save it to a convenient location.

Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.

  • Go to http://java.sun.com/javase/downloads/index.jsp

  • Go to Java Runtime Environment (JRE) 6 Update 11 about half way down the page and click on the Download button.

  • In Platform box choose Windows.

  • Check the box to Accept License Agreement and click Continue.

  • Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.

  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.

  • Uncheck the Toolbar button (unless you want the toolbar)

  • Reboot your computer

STEP 04

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware

  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

  • When the update is complete, select the Scanner tab

  • Select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

STEP 05

Run a new HJT scan and save the log. Then post back the most recent logs from MBAM and HJT
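An added example, not part of the original thread: a small Python check that parses HijackThis result lines and reports whether the entries selected in STEP 01 still appear in a follow-up log, and whether any entry still references the two files requested in STEP 02. The entry lines and file names are copied from this thread; the relapse log and all function names are constructed for illustration.

```python
import re

# A HijackThis result line is "<section code> - <detail>",
# e.g. "O20 - AppInit_DLLs: x.dll". Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Entries the helper asked to fix in STEP 01 (copied from the thread).
FIXED = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll
O20 - AppInit_DLLs: nqvwry.dll
"""

# Files requested for upload in STEP 02 (copied from the thread).
SUSPECT_FILES = ["nqvwry.dll", "rqixejhw.dll"]

# A few lines from the follow-up HijackThis log posted on 12/25/2008.
FOLLOWUP = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# CONSTRUCTED log (not from the thread): the AppInit_DLLs value has come back.
RELAPSE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs: nqvwry.dll
"""


def parse_hjt(text):
    """Return [(code, detail), ...] for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Compare entries case-insensitively with whitespace collapsed."""
    code, detail = entry
    return code, " ".join(detail.lower().split())


def remaining(fix_text, later_text):
    """Entries from the fix list that are still present in a later log."""
    later = {_key(e) for e in parse_hjt(later_text)}
    return [e for e in parse_hjt(fix_text) if _key(e) in later]


def references(later_text, suspect_files):
    """Entries in any section of a later log that mention a suspect file."""
    names = [n.lower() for n in suspect_files]
    return [e for e in parse_hjt(later_text)
            if any(n in e[1].lower() for n in names)]


if __name__ == "__main__":
    for label, log in (("follow-up", FOLLOWUP), ("relapse (constructed)", RELAPSE)):
        print(label)
        print("  fix-list entries still present:", remaining(FIXED, log))
        print("  entries naming suspect files:  ", references(log, SUSPECT_FILES))
```

An empty result from both functions only means the load points are absent from that log; it says nothing about files still on disk, which is why the thread continues with further scans.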

MBAM

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 2

12/25/2008 3:49:06 PM

mbam-log-2008-12-25 (15-49-06).txt

Scan type: Quick Scan

Objects scanned: 72701

Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:50:11 PM, on 12/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 10504 bytes


  • Root Admin

Well it is the Holidays and most helpers are away with Family and Friends.

I will be out of Town until Monday but please run the following while I'm away and I'll assist you further when I return.

Please run this AntiVirus tool

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Then run this...

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware

  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

  • When the update is complete, select the Scanner tab

  • Select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run a new HJT scan and save log.

Post back ALL the logs and I'll assist you further on Monday when I return.

Merry Christmas


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:27:47 PM, on 12/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 10455 bytes

DrWeb.csv

RegUBP2b-Brian Farkas.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

A0027322.reg;C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP148;Trojan.StartPage.1505;Deleted.;

A0027537.reg;C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP152;Trojan.StartPage.1505;Deleted.;


  • Root Admin

Please note the Holidays are here and I may be unavailable for a few days or more.

Please be patient, I've not forgotten you and will resume assistance when I return.

Many of the other helpers are also visiting Family and Friends so please be patient.

Please download OTMoveIt3 by Old Timer and save it to your Desktop.

  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process and post back the log from OTMoveIt3.

Try downloading a new version of JavaRa from the FRANCE mirror of Sourceforge (you will have to manually select it); the version you have doesn't appear to be the new one.

Also check in the ADDITIONAL Settings and choose the TOP 5 items and check them off and click GO.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

You did not post the MBAM log and the full DrWeb log.

Please update MBAM and do another Quick Scan and fix anything found, then RESTART the computer.

After the restart run HJT, scan and save log.

Post back FULL MBAM, HJT logs on your next reply. Also let me know how the system is running and if you're still experiencing anything to indicate you may still be infected.

I might not be able to get back with you on this for a few days, please be patient.

This topic is now closed to further replies.