Malwarebytes

Malware.Trace and Trojan.Vundo

8 replies to this topic

#1
brewski

Hello,

It appears I am experiencing the same problem as several other members (MBAM cant removes the keys then they come back), with the addition of Firefox not connecting to the internet while IE does, as well as Norton 360 not opening/running.


Thanks in advance!

Here are my logs:

MBAM Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/22/2008 8:32:36 PM
mbam-log-2008-12-22 (20-32-36).txt

Scan type: Quick Scan
Objects scanned: 72043
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:43 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: nqvwry.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10470 bytes

#2
brewski

Panda Log:
;*******************************************************************************
ANALYSIS: 2008-12-22 21:55:17
PROTECTIONS: 3
MALWARE: 41
SUSPECTS: 6
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Trend Micro PC-Cillin 2004 11.00 No Yes
Norton 360 8.2.0.81 No No
Norton Antivirus Internet Security 2008 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@mediaplex[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ccbill.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.ccbill.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.statcounter.com/]
00167764 Cookie/Sextracker TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][counter7.sextracker.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][www.burstbeacon.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[www.burstbeacon.com/]
00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.sextracker.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Local Settings\Temp\Cookies\brian farkas@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Cookies\brian farkas@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.adultfriendfinder.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Brian Farkas\Application Data\Mozilla\Firefox\Profiles\qmttvii2.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 No No C:\Documents and Settings\Brian Farkas\Local Settings\Application Data\SupportSoft\ddoctorv2\Brian Farkas\state\backup\co\cookies.txt\77328_5aa8f564a_[cookies.txt][.target.com/]
00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP104\A0015184.inf
00450804 Trj/Alureon.H Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP131\A0021582.exe
00450804 Trj/Alureon.H Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP131\A0021583.exe
00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP120\A0018173.dll
00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP120\A0018155.dll
00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP119\A0018142.dll
00462896 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP119\A0018138.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\WINDOWS\System32\nqvwry.dll
No C:\WINDOWS\system32\nqvwry.dll
No C:\Documents and Settings\Brian Farkas\Local Settings\Temporary Internet Files\Content.IE5\YZ8NQ5WN\setupxv[1].exe
No C:\Documents and Settings\Brian Farkas\My Documents\Downloads\Numark Cue v5.3-BEAN\patch.exe
No C:\WINDOWS\system32\nqvwry.dll
No C:\WINDOWS\system32\rqixejhw.dll
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
141030 HIGH MS06-072
137568 HIGH MS06-067
126083 HIGH MS06-042
120814 HIGH MS06-021
108742 MEDIUM MS06-006
;===============================================================================

#3
AdvancedSetup

    Forum Deity

  • Administrators
Please note the Holidays are approaching and I may be unavailable for a couple days. Please be patient, I've not forgotten you and will resume assistance when I return
Close down all applications and browsers, including the one you're reading this with so that the fixes can be completed.

Make sure your Desktop Doctor from Comcast does not block the changes either.

STEP 01
Start HJT and do a Scan only and place a check mark on the following items

  • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  • O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll
  • O20 - AppInit_DLLs: nqvwry.dll

Then click on Fix checked

STEP 02
Please upload the following files for review here
    C:\WINDOWS\system32\nqvwry.dll
    C:\WINDOWS\system32\rqixejhw.dll

STEP 03
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.
  • Go to http://java.sun.com/...loads/index.jsp

  • Go to Java Runtime Environment (JRE) 6 Update 11 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

STEP 04
Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

STEP 05
Run a new HJT scan and save the log. Then post back the most recent logs from MBAM and HJT
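
One way to check a HijackThis log against the file names the scan report lists under SUSPECTS, and to confirm in the follow-up log that the STEP 01 entries are gone. This is an added example, not part of the original post; the sample lines are copied from the logs on this page, and the names `parse_line`, `flag_entries`, `BEFORE`, `AFTER` and `WATCHLIST` are chosen here for illustration.

```python
import re
from typing import NamedTuple, Optional

# A HijackThis entry line starts with a section code (for example R1, F2, O2,
# O20) followed by " - " and a free-form body. Lines from the "Running
# processes" list carry no section code and are not entries.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# File names with an executable-style extension anywhere in the body,
# whether given as a full path or as a bare name (as in O20 AppInit_DLLs).
FILE_RE = re.compile(r"([^\\/:=\s]+\.(?:dll|exe|sys|cab))\b", re.IGNORECASE)


class Entry(NamedTuple):
    section: str   # e.g. "O2"
    body: str      # text after the section code
    files: tuple   # lower-cased file names referenced by the entry


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line, or None for any other line."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    body = match.group("body")
    files = tuple(name.lower() for name in FILE_RE.findall(body))
    return Entry(match.group("section"), body, files)


def flag_entries(log_text: str, watchlist):
    """List (section, matched_files, body) for entries that reference a watched file."""
    watch = {name.lower() for name in watchlist}
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        matched = sorted(watch.intersection(entry.files))
        if matched:
            hits.append((entry.section, matched, entry.body))
    return hits


# File names taken from the SUSPECTS section of the scan report and STEP 02.
WATCHLIST = ["nqvwry.dll", "rqixejhw.dll"]

# Sample input: the three STEP 01 lines plus one unrelated BHO line from the log.
BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: {e4d1a58a-1430-154b-9644-dac5dc33907e} - {e70933cd-5cad-4469-b451-0341a85a1d4e} - C:\WINDOWS\system32\nqvwry.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: nqvwry.dll
"""

# Sample input: a few lines from the follow-up log posted after the fix.
AFTER = r"""
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = flag_entries(text, WATCHLIST)
        print(f"{label}: {len(hits)} entries reference a watched file")
        for section, matched, body in hits:
            print(f"  {section}: {', '.join(matched)} <- {body}")
```

A log with no matching entries only shows that HijackThis no longer lists those load points; the files themselves and the registry keys that MBAM keeps finding still have to be checked separately.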

#4
brewski

    New Member

  • Members
MBAM
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/25/2008 3:49:06 PM
mbam-log-2008-12-25 (15-49-06).txt

Scan type: Quick Scan
Objects scanned: 72701
Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:11 PM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10504 bytes

#5
AdvancedSetup

    Forum Deity

  • Administrators
Well it is the Holidays and most helpers are away with Family and Friends.
I will be out of Town until Monday but please run the following while I'm away and I'll assist you further when I return.

Please run this AntiVirus tool

Download to the desktop: Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found:
    Posted Image
    If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Then run this...
Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run a new HJT scan and save log.
Post back ALL the logs and I'll assist you further on Monday when I return.

Merry Christmas

#6
brewski

    New Member

  • Members
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:47 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10455 bytes


DrWeb.csv
RegUBP2b-Brian Farkas.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0027322.reg;C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP148;Trojan.StartPage.1505;Deleted.;
A0027537.reg;C:\System Volume Information\_restore{4DEA165D-E292-49AA-99F1-5F2042B5EE3A}\RP152;Trojan.StartPage.1505;Deleted.;

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,568 posts
  • Gender:Male
  • Location:US
Please note the Holidays are here and I may be unavailable for a few days or more.
Please be patient, I've not forgotten you and will resume assistance when I return.
Many of the other helpers are also visiting Family and Friends so please be patient.


Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up; select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process and post back the log from OTMoveIt3.


Try downloading a new version of JavaRa from the FRANCE mirror of Sourceforge
(you will have to manually select it); the version you have doesn't appear to be the new one.
Also check in the ADDITIONAL Settings and choose the TOP 5 items and check them off and click GO.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

You did not post the MBAM log and the full DrWeb log.

Please update MBAM and do another Quick Scan and fix anything found, then RESTART the computer.
After the restart run HJT, scan and save log.

Post back FULL MBAM, HJT logs on your next reply. Also let me know how the system is running and if you're still experiencing anything to indicate you may still be infected.


I might not be able to get back with you on this for a few days, please be patient.

#8
AdvancedSetup

Please provide some feedback on this

#9
AdvancedSetup

No reply, closing post
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.




