Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojans, Trojans, And More...


  • This topic is locked This topic is locked
12 replies to this topic

#1 amads

amads

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 01 December 2007 - 05:37 AM

I have run spybot S&D and adaware probably a bizzilion times. I have trendmicro antivirus on the computer... yet it seems to get affected by different things in the past couple of weeks, virtuemondo, trojans, etc... i am not quite sure if i ever got it cleaned. This is the latest i got from adaware.

My wife and kids use this computer and so this becomes an emergency of sorts :thumbsup: Thanks in advance.


WIN32.TROJANDOWNLOADER.SMALL
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[28]=Process : C:\WINDOWS\system32\qommmki.dll
obj[29]=Process : C:\WINDOWS\system32\qommmki.dll
obj[30]=Process : C:\WINDOWS\system32\qommmki.dll
obj[31]=Process : C:\WINDOWS\system32\qommmki.dll
obj[32]=Process : C:\WINDOWS\system32\qommmki.dll
obj[55]=RegValue : .default\software\microsoft\windows\shellnoroam\muicache "@shell32.dll,-12693"
obj[56]=RegData : system\currentcontrolset\services\bits "Start"

ADWARE.ADMEDIA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[33]=Regkey : clsid\{8ca5ed52-f3fb-4414-a105-2e3491156990}
obj[34]=Regkey : typelib\{495874fe-4a82-4ad1-9476-0b957e0b95eb}
obj[35]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{8ca5ed52-f3fb-4414-a105-2e3491156990}
obj[57]=Regkey : interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db}

WIN32.TROJANDOWNLOADER.ZLOB
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[36]=RegValue : software\microsoft\internet explorer\toolbar "{11a69ae4-fbed-4832-a2bf-45af82825583}"
obj[61]=File : c:\system volume information\tracking.log

ADWARE.ZENOSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[58]=File : C:\qoobox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir

WIN32.TROJAN.BHO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[59]=File : C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\wnyjjlwo.dll.vir
obj[60]=File : C:\WINDOWS\SYSTEM32\xhajixtd.dll


The following is the hijackthis (I did deactive teatimer as instructed in another post):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:01 AM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://muslimmatters.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\qommmki.dll
O2 - BHO: EVoIpSessionCookie Class - {424B6AD1-785D-43e7-9C9B-AB96E77477D0} - C:\Program Files\attcv\Programs\EVoIPAxCtrls.dll
O2 - BHO: {9c588831-5044-66b9-7354-eb8d2166ad84} - {48da6612-d8be-4537-9b66-4405138885c9} - C:\WINDOWS\system32\hsdpobna.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\DOCUME~1\saba\Desktop\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC91E3A8-5DDF-4192-AF91-446B43536091} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\saba\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Jttr] "C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=5146f5b2-c987-4073-b08e-64ed37579cd7
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a4800804f2243888587201b31fca5cf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a4800804f2243888587201b31fca5cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169267030000
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O20 - Winlogon Notify: qommmki - C:\WINDOWS\SYSTEM32\qommmki.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9646 bytes

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 03 December 2007 - 02:43 PM

Hello amads,

Welcome to Bleeping Computer :thumbsup:

Please delete the version of ComboFix you have now. It's been updated. Be sure, like you did before, that Tea Timer is disabled.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 amads

amads
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 December 2007 - 08:13 PM

Thanks Tea!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:20 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://muslimmatters.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EVoIpSessionCookie Class - {424B6AD1-785D-43e7-9C9B-AB96E77477D0} - C:\Program Files\attcv\Programs\EVoIPAxCtrls.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\DOCUME~1\saba\Desktop\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC91E3A8-5DDF-4192-AF91-446B43536091} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Jttr] "C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=5146f5b2-c987-4073-b08e-64ed37579cd7
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a4800804f2243888587201b31fca5cf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a4800804f2243888587201b31fca5cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169267030000
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9268 bytes



ComboFix 07-12-02.7 - saba 2007-12-03 19:55:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1275 [GMT -5:00]
Running from: C:\Documents and Settings\saba\Desktop\virus stuff\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\hsdpobna.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkhfcb.dll
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\ljjgfed.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\opnljhi.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\qomljjj.dll
C:\WINDOWS\system32\qommmki.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vturs.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 20:01 . 2007-12-03 20:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-12-03 19:09 . 2007-12-03 19:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtutr.dll
2007-12-03 16:09 . 2007-12-03 16:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geedc.dll
2007-12-03 15:09 . 2007-12-03 15:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtstt.dll
2007-12-03 14:09 . 2007-12-03 14:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtsqo.dll
2007-12-03 08:09 . 2007-12-03 08:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vturo.dll
2007-12-03 07:09 . 2007-12-03 07:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqpn.dll
2007-12-03 06:09 . 2007-12-03 06:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkjj.dll
2007-12-02 23:09 . 2007-12-02 23:09 8,286 --a------ C:\WINDOWS\SYSTEM32\mljjh.dll
2007-12-02 21:09 . 2007-12-02 21:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddabc.dll
2007-12-02 16:09 . 2007-12-02 16:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddcya.dll
2007-12-02 13:09 . 2007-12-02 13:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkhh.dll
2007-12-02 12:09 . 2007-12-02 12:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnnl.dll
2007-12-02 10:09 . 2007-12-02 10:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddayv.dll
2007-12-02 09:09 . 2007-12-02 09:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddaya.dll
2007-12-02 07:09 . 2007-12-03 00:09 8,286 --a------ C:\WINDOWS\SYSTEM32\gebyx.dll
2007-12-01 22:09 . 2007-12-02 08:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqpp.dll
2007-12-01 20:09 . 2007-12-01 20:09 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqn.dll
2007-12-01 15:08 . 2007-12-01 15:08 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnnm.dll
2007-12-01 14:08 . 2007-12-01 23:09 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqn.dll
2007-12-01 12:08 . 2007-12-02 19:09 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqq.dll
2007-12-01 11:08 . 2007-12-01 11:08 8,286 --a------ C:\WINDOWS\SYSTEM32\mljji.dll
2007-11-30 17:08 . 2007-11-30 17:08 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnlk.dll
2007-11-30 16:08 . 2007-11-30 16:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awvvt.dll
2007-11-30 15:08 . 2007-11-30 15:08 8,286 --a------ C:\WINDOWS\SYSTEM32\ddayw.dll
2007-11-30 14:08 . 2007-11-30 14:08 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqr.dll
2007-11-30 13:08 . 2007-12-03 01:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geedd.dll
2007-11-30 09:08 . 2007-11-30 09:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqr.dll
2007-11-30 08:08 . 2007-11-30 08:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awtsr.dll
2007-11-30 00:55 . 2007-11-30 00:55 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqp.dll
2007-11-29 23:55 . 2007-12-03 04:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtstr.dll
2007-11-29 22:12 . 2007-11-29 22:12 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 20:55 . 2007-12-02 20:09 8,286 --a------ C:\WINDOWS\SYSTEM32\jkhhg.dll
2007-11-29 19:55 . 2007-11-29 19:55 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqrp.dll
2007-11-29 16:55 . 2007-12-03 12:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geebc.dll
2007-11-29 15:55 . 2007-12-01 13:08 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqq.dll
2007-11-29 14:55 . 2007-11-29 14:55 8,286 --a------ C:\WINDOWS\SYSTEM32\ssttr.dll
2007-11-29 13:55 . 2007-11-29 13:55 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkhf.dll
2007-11-29 09:55 . 2007-11-29 09:55 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkji.dll
2007-11-29 06:55 . 2007-12-01 09:08 8,286 --a------ C:\WINDOWS\SYSTEM32\gebcd.dll
2007-11-29 03:55 . 2007-11-29 18:55 8,286 --a------ C:\WINDOWS\SYSTEM32\vturp.dll
2007-11-29 01:55 . 2007-11-29 01:55 8,286 --a------ C:\WINDOWS\SYSTEM32\geede.dll
2007-11-29 00:55 . 2007-12-01 21:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddcyy.dll
2007-11-28 23:55 . 2007-11-28 23:55 8,286 --a------ C:\WINDOWS\SYSTEM32\vtuts.dll
2007-11-28 22:34 . 2007-11-28 22:34 <DIR> d-------- C:\VundoFix Backups
2007-11-27 20:22 . 2007-11-27 20:22 2,238 --a------ C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico
2007-11-27 19:49 . 2007-11-27 19:50 <DIR> d-------- C:\Program Files\SpyGuardPro
2007-11-27 12:12 . 2007-11-27 12:12 35,840 --a------ C:\WINDOWS\17PHolmes572.exe
2007-11-27 12:07 . 2007-11-27 12:07 35,840 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2007-11-13 16:03 . 2007-11-13 16:03 <DIR> d-------- C:\TEMP\HP_WebRelease__

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 10:12 --------- d-----w C:\Program Files\Trend Micro
2007-11-30 03:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 02:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-11-06 03:09 --------- d-----w C:\Documents and Settings\saba\Application Data\AdobeUM
2007-11-06 03:09 --------- d-----w C:\DOCUME~1\saba\APPLIC~1\AdobeUM
2007-10-28 04:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-10-20 05:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 08:52 --------- d-----w C:\Program Files\PopCap Games
2007-10-08 23:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-08 23:36 --------- d-----w C:\Program Files\Real
2007-03-31 16:19 64,000 ----a-w C:\Documents and Settings\saba\Application Data\GDIPFONTCACHEV1.DAT
2007-03-31 16:19 64,000 ----a-w C:\DOCUME~1\saba\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-04-02 04:28 63,592 -c--a-w C:\Documents and Settings\amad\Application Data\GDIPFONTCACHEV1.DAT
2004-12-03 17:37 242,907 ----a-w C:\Documents and Settings\amad\setup.exe
2004-09-26 16:31 0 -c--a-w C:\Documents and Settings\amad\WebExcl.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_21.57.30.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 08:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-11-29 02:55:49 52,764 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-04 01:08:37 52,764 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-29 02:55:50 380,350 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-04 01:08:38 380,350 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
C:\DOCUME~1\saba\Desktop\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC91E3A8-5DDF-4192-AF91-446B43536091}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncao"="C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" []
"Jttr"="C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-06-02 15:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 05:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 22:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PAVWAIT.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 02:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 11:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 08:59 126976 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 08:59 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jttr]
C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 12:22 57344 --a------ C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 13:00 200704 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncao]
C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
C:\DOCUME~1\saba\LOCALS~1\Temp\winvsnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2007-04-12 05:58 3429904 --a------ C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-26 20:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
1999-10-07 13:43 469504 --a------ C:\Program Files\RamBooster\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 18:48 32881 --a------ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS
S3 DVC;USB DVC Svc;C:\WINDOWS\system32\Drivers\DVC.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 Uniden PCW 100 - Wireless 802.11b USB Adapter®;Uniden PCW 100 - Wireless 802.11b USB Adapter® Service for PCW 100 - Wireless 802.11b USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbr.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 20:08:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 20:10:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 21:59
C:\ComboFix3.txt ... 2007-10-28 11:27
.
--- E O F ---

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 03 December 2007 - 09:11 PM

Hello,

You're welcome. :blink:

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\DOCUME~1\saba\Desktop\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: (no name) - {DC91E3A8-5DDF-4192-AF91-446B43536091} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Jttr] "C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Please also let me know how it's running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 amads

amads
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 04 December 2007 - 08:43 PM

Thanks again for the help. Here is what you asked for:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:34:44 PM 12/4/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKU\S-1-5-21-2651309048-679617265-2142187933-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Downloads\Monopoly3-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\Scrabblev2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.101:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.102:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.103:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.104:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.105:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.106:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.107:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.108:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.109:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.110:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.111:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.112:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.113:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.114:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.115:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.116:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.117:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.118:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.119:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.120:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.121:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.122:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.123:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.124:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.125:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.126:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.188:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.241:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.242:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.264:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.38:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.419:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.453:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.494:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.495:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.599:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.59:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.608:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.620:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.637:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.63:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.667:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.99:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
C:\Documents and Settings\saba\Cookies\saba@msnportalbeetoffice2007.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.705:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.706:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.707:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.708:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.709:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.710:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.711:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.712:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Aavalue : Error during cleaning.
:mozilla.128:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.548:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.549:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning.
:mozilla.299:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adobe : Error during cleaning.
:mozilla.236:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.237:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.238:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.241:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.242:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning.
:mozilla.47:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning.
:mozilla.48:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning.
:mozilla.49:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning.
C:\Documents and Settings\saba\Cookies\saba@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.128:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.129:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.130:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.131:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.132:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.133:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.138:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.139:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.140:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.141:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.80:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.81:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.83:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.84:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.10:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.124:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.14:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.16:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.56:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.222:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.448:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Bluestreak : Error during cleaning.
:mozilla.557:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.558:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.834:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.835:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@ads.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.335:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.208:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.336:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.337:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.338:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.13:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.14:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.15:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.18:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.19:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.286:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.287:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.288:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.289:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.294:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.295:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.338:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.371:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Cnn : Error during cleaning.
:mozilla.808:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.475:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.220:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.479:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.480:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.659:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Connextra : Error during cleaning.
:mozilla.623:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Coremetrics : Error during cleaning.
:mozilla.71:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.830:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Coremetrics : Error during cleaning.
:mozilla.223:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.224:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.225:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.226:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.773:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Dealtime : Error during cleaning.
:mozilla.774:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Dealtime : Error during cleaning.
:mozilla.775:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Dealtime : Error during cleaning.
:mozilla.10:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.70:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.76:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.227:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.228:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.229:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.230:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.231:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.232:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.233:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.234:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.235:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.236:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.237:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.327:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.762:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.763:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.764:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.801:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.802:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.803:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.804:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.805:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.806:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.860:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.861:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.877:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.919:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
:mozilla.200:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Euroclick : Error during cleaning.
:mozilla.406:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.407:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.272:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning.
:mozilla.273:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning.
:mozilla.274:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning.
:mozilla.275:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning.
:mozilla.657:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning.
:mozilla.18:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.208:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.209:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.210:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.211:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.212:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.213:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.214:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.215:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.43:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.44:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.45:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.929:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.930:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.143:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.144:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.145:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.146:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.148:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.372:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.389:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.390:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.391:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.392:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.517:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.673:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.674:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.683:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.684:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.814:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.815:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.816:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.817:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.820:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.821:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.911:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.913:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.914:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.837:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.838:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.839:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.840:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.253:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.254:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.258:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.259:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.356:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.357:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Imrworldwide : Error during cleaning.
:mozilla.571:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.300:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.301:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.302:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.328:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.329:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.330:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.356:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.357:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.665:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.668:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.878:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.879:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.880:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.133:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.151:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
:mozilla.152:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
:mozilla.219:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.220:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.192:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.23:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.267:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.398:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.399:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.400:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.401:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.676:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.344:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.378:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.552:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Paypal : Error during cleaning.
:mozilla.141:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.143:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.144:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.150:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.224:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.225:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.230:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.231:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.232:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.233:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.234:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.256:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.257:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.258:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.259:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
C:\Documents and Settings\saba\Cookies\saba@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.314:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.315:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.100:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.101:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.58:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.59:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.60:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.80:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.81:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.10:C:\Documents and Settings\naanoo\Application Data\Mozilla\Firefox\Profiles\vxc5ckfb.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.13:C:\Documents and Settings\naanoo\Application Data\Mozilla\Firefox\Profiles\vxc5ckfb.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.350:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Real : Error during cleaning.
:mozilla.351:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Real : Error during cleaning.
:mozilla.7:C:\Documents and Settings\naanoo\Application Data\Mozilla\Firefox\Profiles\vxc5ckfb.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.8:C:\Documents and Settings\naanoo\Application Data\Mozilla\Firefox\Profiles\vxc5ckfb.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.9:C:\Documents and Settings\naanoo\Application Data\Mozilla\Firefox\Profiles\vxc5ckfb.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.290:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.37:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.38:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Realmedia : Error during cleaning.
:mozilla.688:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.689:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.690:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.691:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.293:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.294:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.699:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.700:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.701:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.702:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.703:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.704:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.705:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.706:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.707:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.809:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.89:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.90:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.91:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.92:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.93:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.94:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.95:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.96:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.97:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Revsci : Error during cleaning.
:mozilla.217:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.218:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.30:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.31:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.79:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.80:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.81:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.297:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.299:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.300:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.640:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.641:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.642:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.643:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.644:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.73:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.74:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.76:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.78:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.79:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\saba\Cookies\saba@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.380:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.100:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.101:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.145:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.146:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.148:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.149:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.151:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.180:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.181:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.182:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.183:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.184:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.185:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.38:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.39:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.40:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.41:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.42:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.43:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.44:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.502:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning.
:mozilla.503:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Specificclick : Error during cleaning.
:mozilla.95:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.97:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.98:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.99:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.542:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Starware : Error during cleaning.
:mozilla.543:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Starware : Error during cleaning.
:mozilla.544:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Starware : Error during cleaning.
:mozilla.170:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.384:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning.
:mozilla.385:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning.
:mozilla.386:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning.
:mozilla.56:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.162:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.178:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.179:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.187:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.188:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.40:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.41:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.815:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.159:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tracking101 : Error during cleaning.
:mozilla.364:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tradedoubler : Error during cleaning.
:mozilla.22:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.24:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.25:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.26:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.27:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.28:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.29:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.30:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.318:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.319:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.31:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.51:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.52:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.53:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.54:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.55:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.56:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.57:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
:mozilla.753:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.754:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.755:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.756:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.757:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.758:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.759:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.760:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.761:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.11:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.16:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.202:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.320:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.12:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.13:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.328:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.329:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.330:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.779:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.780:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.781:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.350:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.426:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Webtrends : Error during cleaning.
:mozilla.848:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.280:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning.
:mozilla.284:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning.
:mozilla.365:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.125:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.160:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.161:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.252:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.253:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.254:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.256:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.257:C:\Documents and Settings\saba\Application Data\Mozilla\Firefox\Profiles\1jo932ep.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\canada\Application Data\Mozilla\Firefox\Profiles\e3uwtk91.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.152:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.153:C:\Documents and Settings\amad\Application Data\Mozilla\Firefox\Profiles\cir36emt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.337:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
:mozilla.338:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
:mozilla.339:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
:mozilla.500:C:\Program Files\support.com\backup\co\cookies.txt\111662_5a322649d_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
C:\Documents and Settings\amad\WINDOWS\Kaaba Screensaver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\I386\Bouncing Crescents II.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\I386\Kaaba Screensaver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Bouncing Crescents II.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Kaaba Screensaver.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\wcpsvsu.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:32 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://muslimmatters.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EVoIpSessionCookie Class - {424B6AD1-785D-43e7-9C9B-AB96E77477D0} - C:\Program Files\attcv\Programs\EVoIPAxCtrls.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC91E3A8-5DDF-4192-AF91-446B43536091} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Jttr] "C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=5146f5b2-c987-4073-b08e-64ed37579cd7
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a4800804f2243888587201b31fca5cf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a4800804f2243888587201b31fca5cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169267030000
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9564 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 05 December 2007 - 06:43 PM

Hello,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: (no name) - {DC91E3A8-5DDF-4192-AF91-446B43536091} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Jttr] "C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe"


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Please run ComboFix again and post the report in your reply. How is it running now? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 amads

amads
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 05 December 2007 - 11:09 PM

ComboFix 07-12-02.7 - saba 2007-12-05 23:01:17.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1354 [GMT -5:00]
Running from: C:\Documents and Settings\saba\Desktop\virus stuff\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-05 22:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2007-12-05 22:42 . 2007-12-05 22:43 <DIR> d-------- C:\Program Files\Java
2007-12-04 18:48 . 2007-12-04 18:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-04 18:38 . 2007-12-04 18:38 <DIR> d-------- C:\Documents and Settings\saba\Application Data\Grisoft
2007-12-04 18:38 . 2007-12-04 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 18:38 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-03 20:01 . 2007-12-03 20:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-12-03 19:09 . 2007-12-03 19:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtutr.dll
2007-12-03 16:09 . 2007-12-03 16:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geedc.dll
2007-12-03 15:09 . 2007-12-03 15:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtstt.dll
2007-12-03 14:09 . 2007-12-03 14:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtsqo.dll
2007-12-03 08:09 . 2007-12-03 08:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vturo.dll
2007-12-03 07:09 . 2007-12-03 07:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqpn.dll
2007-12-03 06:09 . 2007-12-03 06:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkjj.dll
2007-12-02 23:09 . 2007-12-02 23:09 8,286 --a------ C:\WINDOWS\SYSTEM32\mljjh.dll
2007-12-02 21:09 . 2007-12-02 21:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddabc.dll
2007-12-02 16:09 . 2007-12-02 16:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddcya.dll
2007-12-02 13:09 . 2007-12-02 13:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkhh.dll
2007-12-02 12:09 . 2007-12-02 12:09 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnnl.dll
2007-12-02 10:09 . 2007-12-02 10:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddayv.dll
2007-12-02 09:09 . 2007-12-02 09:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddaya.dll
2007-12-02 07:09 . 2007-12-03 00:09 8,286 --a------ C:\WINDOWS\SYSTEM32\gebyx.dll
2007-12-01 22:09 . 2007-12-02 08:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqpp.dll
2007-12-01 20:09 . 2007-12-01 20:09 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqn.dll
2007-12-01 15:08 . 2007-12-01 15:08 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnnm.dll
2007-12-01 14:08 . 2007-12-01 23:09 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqn.dll
2007-12-01 12:08 . 2007-12-02 19:09 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqq.dll
2007-12-01 11:08 . 2007-12-01 11:08 8,286 --a------ C:\WINDOWS\SYSTEM32\mljji.dll
2007-11-30 17:08 . 2007-11-30 17:08 8,286 --a------ C:\WINDOWS\SYSTEM32\pmnlk.dll
2007-11-30 16:08 . 2007-11-30 16:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awvvt.dll
2007-11-30 15:08 . 2007-11-30 15:08 8,286 --a------ C:\WINDOWS\SYSTEM32\ddayw.dll
2007-11-30 14:08 . 2007-11-30 14:08 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqr.dll
2007-11-30 13:08 . 2007-12-03 01:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geedd.dll
2007-11-30 09:08 . 2007-11-30 09:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqr.dll
2007-11-30 08:08 . 2007-11-30 08:08 8,286 --a------ C:\WINDOWS\SYSTEM32\awtsr.dll
2007-11-30 00:55 . 2007-11-30 00:55 8,286 --a------ C:\WINDOWS\SYSTEM32\awtqp.dll
2007-11-29 23:55 . 2007-12-03 04:09 8,286 --a------ C:\WINDOWS\SYSTEM32\vtstr.dll
2007-11-29 22:12 . 2007-11-29 22:12 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 20:55 . 2007-12-02 20:09 8,286 --a------ C:\WINDOWS\SYSTEM32\jkhhg.dll
2007-11-29 19:55 . 2007-11-29 19:55 8,286 --a------ C:\WINDOWS\SYSTEM32\ssqrp.dll
2007-11-29 16:55 . 2007-12-03 12:09 8,286 --a------ C:\WINDOWS\SYSTEM32\geebc.dll
2007-11-29 15:55 . 2007-12-01 13:08 8,286 --a------ C:\WINDOWS\SYSTEM32\sstqq.dll
2007-11-29 14:55 . 2007-11-29 14:55 8,286 --a------ C:\WINDOWS\SYSTEM32\ssttr.dll
2007-11-29 13:55 . 2007-11-29 13:55 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkhf.dll
2007-11-29 09:55 . 2007-11-29 09:55 8,286 --a------ C:\WINDOWS\SYSTEM32\pmkji.dll
2007-11-29 06:55 . 2007-12-01 09:08 8,286 --a------ C:\WINDOWS\SYSTEM32\gebcd.dll
2007-11-29 03:55 . 2007-11-29 18:55 8,286 --a------ C:\WINDOWS\SYSTEM32\vturp.dll
2007-11-29 01:55 . 2007-11-29 01:55 8,286 --a------ C:\WINDOWS\SYSTEM32\geede.dll
2007-11-29 00:55 . 2007-12-01 21:09 8,286 --a------ C:\WINDOWS\SYSTEM32\ddcyy.dll
2007-11-28 23:55 . 2007-11-28 23:55 8,286 --a------ C:\WINDOWS\SYSTEM32\vtuts.dll
2007-11-28 22:34 . 2007-11-28 22:34 <DIR> d-------- C:\VundoFix Backups
2007-11-27 20:22 . 2007-11-27 20:22 2,238 --a------ C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico
2007-11-27 19:49 . 2007-11-27 19:50 <DIR> d-------- C:\Program Files\SpyGuardPro
2007-11-27 12:12 . 2007-11-27 12:12 35,840 --a------ C:\WINDOWS\17PHolmes572.exe
2007-11-27 12:07 . 2007-11-27 12:07 35,840 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2007-11-13 16:03 . 2007-11-13 16:03 <DIR> d-------- C:\TEMP\HP_WebRelease__

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 10:12 --------- d-----w C:\Program Files\Trend Micro
2007-11-30 03:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 03:09 --------- d-----w C:\Documents and Settings\saba\Application Data\AdobeUM
2007-10-28 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-24 23:29 7,713 ----a-w C:\WINDOWS\SYSTEM32\ldcore(3).dll
2007-10-20 05:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 08:52 --------- d-----w C:\Program Files\PopCap Games
2007-10-08 23:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-08 23:36 --------- d-----w C:\Program Files\Real
2007-03-31 16:19 64,000 ----a-w C:\Documents and Settings\saba\Application Data\GDIPFONTCACHEV1.DAT
2005-04-02 04:28 63,592 -c--a-w C:\Documents and Settings\amad\Application Data\GDIPFONTCACHEV1.DAT
2004-12-03 17:37 242,907 ----a-w C:\Documents and Settings\amad\setup.exe
2004-09-26 16:31 0 -c--a-w C:\Documents and Settings\amad\WebExcl.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_21.57.30.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 08:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2003-11-19 22:36:26 24,681 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2003-11-19 22:36:30 28,779 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2007-11-29 02:55:49 52,764 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-06 03:59:14 52,764 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-29 02:55:50 380,350 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-06 03:59:14 380,350 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Ncao"="C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-06-02 15:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 05:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 22:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PAVWAIT.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 02:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 11:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 08:59 126976 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 08:59 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jttr]
C:\Documents and Settings\saba\Application Data\F?nts\?serinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 12:22 57344 --a------ C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 13:00 200704 --a------ C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncao]
C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
C:\DOCUME~1\saba\LOCALS~1\Temp\winvsnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2007-04-12 05:58 3429904 --a------ C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-26 20:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
1999-10-07 13:43 469504 --a------ C:\Program Files\RamBooster\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS
S3 DVC;USB DVC Svc;C:\WINDOWS\system32\Drivers\DVC.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys
S3 Uniden PCW 100 - Wireless 802.11b USB Adapter®;Uniden PCW 100 - Wireless 802.11b USB Adapter® Service for PCW 100 - Wireless 802.11b USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbr.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 03:21:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2003-11-29 00:13:17 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 23:05:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 23:06:57
C:\ComboFix2.txt ... 2007-12-03 20:10
C:\ComboFix3.txt ... 2007-11-28 21:59
.
--- E O F ---

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 05 December 2007 - 11:22 PM

Hello,

How is it running please? Can I see a new HijackThis log? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 amads

amads
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 06 December 2007 - 08:13 PM

Tea, computer seems to be running better.. don't have the internet opening up for no reason :thumbsup: Do the logs look clean?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:04 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://muslimmatters.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EVoIpSessionCookie Class - {424B6AD1-785D-43e7-9C9B-AB96E77477D0} - C:\Program Files\attcv\Programs\EVoIPAxCtrls.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=5146f5b2-c987-4073-b08e-64ed37579cd7
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a4800804f2243888587201b31fca5cf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a4800804f2243888587201b31fca5cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169267030000
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9246 bytes

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 07 December 2007 - 11:12 PM

Hello,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer. Please post a new HijackThis log in your reply. :thumbsup: Still running all right?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 amads

amads
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 December 2007 - 05:24 PM

ok, i am getting some trojan "catches" on trendmicro:

12/8/2007 D18V6T31
Time Security Feature Source Type Virus Name File Name First Action Second Action
1:55 File Monitor File TROJ_AGENT.XFB C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP18\A0001552.exe Quarantine Success

Virus Scan Logs 12/7/2007 D18V6T31
Time Security Feature Source Type Virus Name File Name First Action Second Action
12:29 Manual Scan File TROJ_AGENT.XFB C:\qoobox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Quarantine Success
12:29 Manual Scan File TROJ_OBFUSCA.ED C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\jkkhfcb.dll.vir Quarantine Success
12:29 Manual Scan File TROJ_OBFUSCA.ED C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljjgfed.dll.vir Quarantine Success
12:29 Manual Scan File TROJ_OBFUSCA.ED C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\opnljhi.dll.vir Quarantine Success
12:29 Manual Scan File TROJ_OBFUSCA.ED C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\qomljjj.dll.vir Quarantine Success
12:30 Manual Scan File TROJ_OBFUSCA.ED qommmki.dll (C:\qoobox\Quarantine\catchme2007-12-03_200803.20.zip) Quarantine Fail
12:30 Manual Scan File --- C:\qoobox\Quarantine\catchme2007-12-03_200803.20.zip Quarantine Success
12:35 Manual Scan File TROJ_AGENT.XFB C:\WINDOWS\17PHolmes572.exe Quarantine Success
12:39 Manual Scan File TROJ_AGENT.XFB C:\WINDOWS\mrofinu572.exe.tmp Quarantine Success

Here's the hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:32 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://muslimmatters.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EVoIpSessionCookie Class - {424B6AD1-785D-43e7-9C9B-AB96E77477D0} - C:\Program Files\attcv\Programs\EVoIPAxCtrls.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=5146f5b2-c987-4073-b08e-64ed37579cd7
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a4800804f2243888587201b31fca5cf
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a4800804f2243888587201b31fca5cf
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169267030000
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9186 bytes

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 08 December 2007 - 05:41 PM

Hello,

Those are no problem, and not a threat. We'll take care of them now. :thumbsup:

I want you to navigate to and delete this folder, if present: C:\DOCUME~1\saba\MYDOCU~1\SSTEM~1 <----there may be more letters after SSTEM, but that will be what it starts with.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now rerun your scan, and let me know what it says in your reply, as well as post a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:25 AM

Posted 13 December 2007 - 02:55 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users