
Thread: Multiple trojans and virus again!

  1. #1
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    Multiple trojans and virus again!

    Hi,

    I'd been helped, with success, in this forum before and now seem to have become re-infected by multiple viruses and trojans!

    My warning was when Norton caught one trojan. I ran the Norton scan which quarantined several trojans and viruses, then Spybot (though not in safe mode) which cleared several items.

    After these events is when I ran Kaspersky and Hijackthis with the logs posted below.

    Please help!!

    Citywomanpg

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:26:07 PM, on 1/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\AEIWLSTA.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\citywomanpg.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.continental.att.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: (no name) - {1357DF32-2919-4940-829C-8351F3FC9E71} - (no file)
    O2 - BHO: (no name) - {29bff808-ea66-4271-8cc8-e88ec578a3c0} - (no file)
    O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {902D12F5-5C38-4FF4-B502-046BF76F964F} - (no file)
    O2 - BHO: (no name) - {98EC3C07-82E6-AE41-BB29-F88A36F17FC2} - (no file)
    O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
    O2 - BHO: (no name) - {DFF0EC50-5078-48C0-B1C6-B59FFB79F878} - (no file)
    O2 - BHO: (no name) - {E695B13B-F73F-43BE-8AD6-3538A6B7C13E} - (no file)
    O2 - BHO: (no name) - {FC740BEF-E8CB-4723-A61E-55156285E421} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} -
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akonix.webex.com/client/T23L/webex/ieatgpc.cab
    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
    O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} -
    O16 - DPF: {F545C0D0-4327-48FF-B27F-2AFE254E4FF2} (ActiveFrame Object) - http://icu.riverstyx.net/icumediacontrol.cab?
    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: hggghhg - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 9887 bytes


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, January 28, 2008 8:07:10 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 28/01/2008
    Kaspersky Anti-Virus database records: 534402
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 103831
    Number of viruses found: 9
    Number of infected objects: 12
    Number of suspicious objects: 0
    Duration of the scan process: 02:37:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E40000.VBN Infected: not-a-virus:AdWare.Win32.Insider.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E40004.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E40006.VBN Infected: Trojan.Win32.Agent.cmn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E40008.VBN Infected: Trojan-Downloader.Win32.Agent.emo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E4000C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.agh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09E40010.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.agh skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\cert8.db Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\history.dat Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\key3.db Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\parent.lock Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temp\hsperfdata_user\3440 Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temp\WCESCOMM.LOG Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temp\~DFF4C3.tmp Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\ntuser.dat Object is locked skipped
    C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
    C:\qoobox\Quarantine\C\Documents and Settings\user\Application Data\FNTS~1\nοpdb.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gj skipped
    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
    C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.erf skipped
    C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP35\change.log Object is locked skipped
    C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\pfirewall.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{0B6A668C-2267-41C6-A04D-C36414723E5B}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_960.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.
    There is no active malware showing in your log. Are you having any problems other than the security warnings?


    Disable Teatimer
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, click on Exit Spybot S&D Resident
    Second step, for either version:
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go to the bottom of the vertical panel on the left, click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.




    Fix With HJT
    Close all other windows and then start HijackThis
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.continental.att.net
    O2 - BHO: (no name) - {1357DF32-2919-4940-829C-8351F3FC9E71} - (no file)
    O2 - BHO: (no name) - {29bff808-ea66-4271-8cc8-e88ec578a3c0} - (no file)
    O2 - BHO: (no name) - {36C3C907-6601-4D81-9941-18536FF6F333} - (no file)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {902D12F5-5C38-4FF4-B502-046BF76F964F} - (no file)
    O2 - BHO: (no name) - {98EC3C07-82E6-AE41-BB29-F88A36F17FC2} - (no file)
    O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
    O2 - BHO: (no name) - {DFF0EC50-5078-48C0-B1C6-B59FFB79F878} - (no file)
    O2 - BHO: (no name) - {E695B13B-F73F-43BE-8AD6-3538A6B7C13E} - (no file)
    O2 - BHO: (no name) - {FC740BEF-E8CB-4723-A61E-55156285E421} - (no file)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} -
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
    O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} -
    O20 - Winlogon Notify: hggghhg - C:\WINDOWS\
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis


    Installed Programs
    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on save list button and specify where you would like to save this file.
    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.

    Please post the installed programs list with a fresh HJT log in your reply.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
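
An added example, not part of the original thread and not HijackThis code: a small Python triage pass over the HijackThis log format posted above. It flags O2/O3/O9 entries marked (no file) or (file missing), O16 DPF entries with no download source, and O20 Winlogon Notify entries whose target is not a DLL path. The sample lines are excerpted from the first log in this thread; the rule set and all function names are assumptions made for illustration, and flagged lines are candidates for human review, not a fix list.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# One HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# HijackThis appends these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$")
# O16 body: "DPF: {CLSID} (optional name) - <download source or empty>".
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? -\s*(?P<source>.*)$"
)
# O20 body: "Winlogon Notify: <key name> - <DLL path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


class Finding(NamedTuple):
    section: str
    reason: str
    entry: str


def triage(log_text: str) -> List[Finding]:
    """Return entries that look orphaned or malformed (illustrative rules only).

    Sections other than O2/O3/O9/O16/O20 (for example O23 services) are
    parsed but deliberately not scored here.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, blank line, ...
        section, body = m.group("section"), m.group("body")

        if section in ("O2", "O3", "O9") and MISSING_RE.search(body):
            findings.append(Finding(section, "registered file is absent", body))
        elif section == "O16":
            dpf = DPF_RE.match(body)
            if dpf and not dpf.group("source"):
                findings.append(Finding(section, "DPF entry has no download source", body))
        elif section == "O20":
            notify = NOTIFY_RE.match(body)
            if notify and not notify.group("path").lower().endswith(".dll"):
                findings.append(Finding(section, "notify target is not a DLL path", body))
    return findings


def count_by_section(findings: List[Finding]) -> dict:
    """Summarise findings per HijackThis section code."""
    return dict(Counter(f.section for f in findings))


# Sample input: lines excerpted from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.continental.att.net
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {1357DF32-2919-4940-829C-8351F3FC9E71} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O20 - Winlogon Notify: hggghhg - C:\WINDOWS\
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason:<34} {f.entry}")
    print(count_by_section(results))
```
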

  3. #3
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60


    Hello Katana,

    Thank you for assisting me. Ever since I got the warnings, I've become afraid to use my computer because of how badly I was infected the last time (Shaba helped me clear the malware that time in Nov, 2007). It took over a week to clear everything out, with the time difference in communicating, etc.!

    That time I'd downloaded a program from a fileshare site (I know, not a good idea). I learned my lesson and have gone only to legitimate websites/ businesses. The only difference is that I attached and accessed some files on an external hard drive I have. Could I have gotten infected by something on that drive? I forgot to include it in the original Kaspersky scan. Should I scan that using Kaspersky and post that also?

    Citywoman.

    --------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:28:23 PM, on 1/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\AEIWLSTA.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akonix.webex.com/client/T23L/webex/ieatgpc.cab
    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
    O16 - DPF: {F545C0D0-4327-48FF-B27F-2AFE254E4FF2} (ActiveFrame Object) - http://icu.riverstyx.net/icumediacontrol.cab?
    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 7739 bytes

    List of Installed programs
    Access ThinkPad
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Image Viewer Plugin 4.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Agere Systems AC'97 Modem
    ArcSoft Camera Suite 1.3
    ATI Control Panel
    ATI Display Driver
    Better Homes and Gardens Home Designer Suite 6.0
    BlueSoleil
    C:\PROGRA~1\LEXMAR~1
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    COMODO Firewall Pro
    DivX
    DivX Player
    FinePixViewer Ver.4.0
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    hp instant support
    HP Officejet Pro All-In-One Series
    HP Photo Printing Software
    HP Photosmart Essential
    hp psc 900 series
    HP Share-to-Web
    HP Solution Center 7.0
    HP Update
    IBM Access Connections
    IBM DLA
    IBM High Rate Wireless LAN MiniPCI Combo Card
    IBM RecordNow
    IBM ThinkPad Access Support
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Keyboard Customizer Utility
    IBM ThinkPad Power Management Driver
    IBM ThinkPad Presentation Director
    IBM TrackPoint Accessibility Features
    IBM TrackPoint Support
    IBM Update Connector
    ImageMixer VCD for FinePix
    Intel(R) PRO Ethernet Adapter and Software
    InterVideo WinDVD
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Kaspersky Online Scanner
    LiveUpdate 1.80 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft ActiveSync 3.5
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Office Live Meeting 2005 Replay Wrapper
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (2.0.0.11)
    MPM
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    OCR Software by I.R.I.S 7.0
    Panicware Pop-Up Stopper
    PCmover
    PrimoPDF
    QuickBooks Product Listing Service
    QuickBooks Simple Start Free Starter Edition
    QuickTime
    RealPlayer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944653)
    Series 7
    Skype 3.0
    Skype Plugin Manager
    SoundMAX
    Spybot - Search & Destroy 1.3
    Support.com Software
    SupportSoft Assisted Service
    Symantec AntiVirus Client
    TaxCut Premium 2006
    ThinkPad FullScreen Magnifier
    ThinkPad Software Installer
    Uninstall PC-Doctor
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    VERITAS StorageGuard
    WavePad Uninstall
    WebEx
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Support Tools
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    Yahoo! Messenger

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    It is possible that the external drive was infected; connect it and then do the following.

    Spybot has been updated, so you need to install the latest version when we are finished.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    Download the latest version of Java Runtime Environment (JRE) 6u4
    http://java.sun.com/javase/downloads/index.jsp
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    • J2SE Runtime Environment 5.0 Update 1
    • J2SE Runtime Environment 5.0 Update 10
    • J2SE Runtime Environment 5.0 Update 11
    • J2SE Runtime Environment 5.0 Update 2
    • J2SE Runtime Environment 5.0 Update 4
    • J2SE Runtime Environment 5.0 Update 6
    • Java(TM) 6 Update 2
    • Java(TM) 6 Update 3
    • Java(TM) SE Runtime Environment 6 Update 1

    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.

    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on the download to install the newest version.



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    TotalScan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    Please go to this site Link >> TotalScan << LINK
    • Under Scan Now click the Full Scan button
    • Follow the prompts to install the ActiveX if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.


    Please post both logs in reply
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
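
The Java clean-up step in the post above can be checked against an installed-programs listing before and after the uninstall. This is an added example, not part of the original post or of any tool named in it; the function names are hypothetical and the sample listing is constructed from the Java entries shown earlier in the thread. It assumes the target is JRE 6 Update 4, the version the instructions install.

```python
import re

# Constructed sample in the format of the "List of Installed programs"
# posted in this thread: the Java entries plus a few unrelated lines.
INSTALLED = """\
IBM Update Connector
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Mozilla Firefox (2.0.0.11)
"""

# Assumption: JRE 6 Update 4 is the version being installed.
TARGET = (6, 4)

# The three display-name styles seen in the listing:
#   "J2SE Runtime Environment 5.0 Update N"
#   "Java(TM) 6 Update N"
#   "Java(TM) SE Runtime Environment 6 Update N"
JAVA_NAME = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)\s+"
    r"(?P<major>\d+)(?:\.\d+)?"
    r"(?:\s+Update\s+(?P<update>\d+))?\s*$"
)


def parse_java_entry(name):
    """Return (major, update) for a Java runtime entry, or None otherwise."""
    m = JAVA_NAME.match(name.strip())
    if m is None:
        return None
    # An entry with no "Update N" suffix is the base release (update 0).
    return (int(m["major"]), int(m["update"] or 0))


def outdated_java(listing, target=TARGET):
    """List Java entries older than target, oldest first.

    Versions are compared numerically, so "Update 10" sorts after
    "Update 6" even though the listing itself is alphabetical.
    """
    found = []
    for line in listing.splitlines():
        version = parse_java_entry(line)
        if version is not None and version < target:
            found.append((version, line.strip()))
    return [name for _, name in sorted(found)]


if __name__ == "__main__":
    stale = outdated_java(INSTALLED)
    print(f"{len(stale)} Java runtime(s) older than "
          f"{TARGET[0]} Update {TARGET[1]}:")
    for name in stale:
        print("  remove:", name)
```

Running the same check on a listing taken after the reboot should report nothing left to remove.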

  5. #5
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    Hi Katana,

    That total scan allowed for a lot more time than for a cup of tea!

    I'll have to post the logs you requested in multiple postings, as they're too long to put in one post....

    Citywoman

    ComboFix 08-01-31.1 - user 2008-01-30 20:14:01.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\user\g2mdlhlpx.exe
    C:\WINDOWS\system32\ddpfvhji.ini
    C:\WINDOWS\system32\gevqbofp.ini
    C:\WINDOWS\system32\kyyshman.ini
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
    .

    2008-01-30 20:13 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
    2008-01-30 20:13 . 2007-11-07 10:19 212 --a------ C:\Boot.bak
    2008-01-30 19:10 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-30 19:09 . 2008-01-30 19:10 <DIR> d-------- C:\Program Files\Java
    2008-01-30 19:08 . 2008-01-30 19:08 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-12-04 11:03 . 2007-12-04 11:03 <DIR> d-------- C:\Program Files\Citrix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 23:59 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2008-01-28 15:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-28 15:32 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
    2008-01-09 21:49 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
    2008-01-04 19:42 --------- d-----w C:\Documents and Settings\user\Application Data\RecordNow
    2007-12-24 14:33 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-08 18:24 --------- d-----w C:\Program Files\TechSmith
    2007-12-06 16:31 --------- d-----w C:\Documents and Settings\user\Application Data\Image Zone Express
    2007-11-07 13:36 83,208 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-30 22:40 28,672 ----a-w C:\Documents and Settings\user\update.exe
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 03:53 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-04-14 12:28 38,968 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2001-08-18 13:00 94,784 -csh--w C:\WINDOWS\twain.dll
    2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
    2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2007-05-17 11:28 549,376 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-06-25 21:23 401493]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2002-06-12 16:03 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "TrackPointSrv"="tp4serv.exe" [2004-10-28 03:50 94208 C:\WINDOWS\system32\tp4serv.exe]
    "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 00:48 94208]
    "UC_SMB"="" []
    "StorageGuard"="C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" [2002-02-28 04:00 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-03-14 06:25 102455]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-01 21:10 335872]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
    "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-08-25 01:37 110592]
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-08-25 01:37 20480]
    "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-08-25 01:37 395776]
    "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-02-01 03:07 86016]
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 02:10 212992]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 02:47 36864]
    "AEIWLSTA.EXE"="AEIWLSTA.exe" [2002-05-13 14:17 214016 C:\WINDOWS\system32\AEIWLSTA.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
    "TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 00:21 90112]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-07 10:19 1115728]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk.disabled [2007-07-19 14:33:21 1593]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-04-18 13:54:43 200704]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-09 17:13:18 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
    QConGina.dll 2005-02-01 03:07 262144 C:\WINDOWS\system32\QConGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 2004-08-12 20:11 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Lexmark X83 Button Monitor"=C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    "Tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe /server"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "Host Process"=C:\WINDOWS\Fonts\svchost.exe
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "Lexmark X83 Button Manager"=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-02-01 03:07]
    R1 DSMBATT;DSMBATT;C:\WINDOWS\system32\drivers\DSMBATT.SYS [2002-04-04 16:00]
    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-02-01 03:07]
    R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-08-25 01:37]
    R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys [2002-05-13 14:09]
    R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2004-10-28 03:50]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
    S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
    S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
    S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-02-01 03:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-31 00:30:12 C:\WINDOWS\Tasks\BMMTask.job"
    - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 20:17:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\tphklock.dll
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    Completion time: 2008-01-30 20:18:34
    ComboFix-quarantined-files.txt 2008-01-31 01:17:55
    ComboFix2.txt 2007-11-06 16:45:04
    ComboFix3.txt 2007-11-06 15:43:49
    .
    2007-12-27 06:00:01 --- E O F ---

    ------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38:35 PM, on 1/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\AEIWLSTA.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Comodo\Firewall\cpf.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akonix.webex.com/client/T23L/webex/ieatgpc.cab
    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
    O16 - DPF: {F545C0D0-4327-48FF-B27F-2AFE254E4FF2} (ActiveFrame Object) - http://icu.riverstyx.net/icumediacontrol.cab?
    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 8299 bytes

  6. #6
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    Katana,

    I'll have to post the TotalScan results in 4 posts, as the file is around 69k characters. This is post 1 of 4....

    On another note, did you want me to re-enable the TeaTimer in Spybot yet?

    Citywoman

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-01-31 06:37:58
    PROTECTIONS: 2
    MALWARE: 80
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Symantec Antivirus Corporate Edition 8.0 No Yes
    Norton Antivirus Edition 7.5 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\launcher.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
    00029457 adware/toprebates Adware No 0 Yes No c:\program files\websavingsfromebates
    00039204 adware/cws Adware No 0 Yes No c:\documents and settings\user\favorites\health
    00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
    00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
    00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
    00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
    00090908 Exploit/ByteVerify HackTools No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-18f08ee7-6e57549e.zip[Gummy.class]
    00090908 Exploit/ByteVerify HackTools No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-18f08ee7-6e57549e.zip[Gummy.class]
    00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar
    00103551 adware/windowenhancer Adware No 0 Yes No c:\windows\system32\sbutils
    00116361 Spyware/Support Spyware No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP46\A0003343.exe
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.casalemedia.com/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.doubleclick.net/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.atdmt.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.atdmt.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@247realmedia[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f8gk1wu7.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f8gk1wu7.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f8gk1wu7.default\cookies.txt[.247realmedia.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.247realmedia.com/]
    00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.targetnet.com/]
    00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.targetnet.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bfast.com/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]

  7. #7
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    This is post 2 of 4 for the TotalScan...

    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.fastclick.net/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[servedby.advertising.com/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[servedby.advertising.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@tribalfusion[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.tribalfusion.com/]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.mediaplex.com/]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.mediaplex.com/]
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.centrport.net/]
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.centrport.net/]
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@centrport[1].txt
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.centrport.net/]
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.centrport.net/]
    00145770 Cookie/CentrPort TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@centrport[2].txt
    00146967 Cookie/PayCounter TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@paycounter[1].txt
    00147805 Cookie/Abcsearch TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.abcsearch.com/]
    00147805 Cookie/Abcsearch TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.abcsearch.com/]
    00147805 Cookie/Abcsearch TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.abcsearch.com/]
    00147805 Cookie/Abcsearch TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.abcsearch.com/]
    00147805 Cookie/Abcsearch TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@abcsearch[1].txt
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.maxserving.com/]
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.maxserving.com/]
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.maxserving.com/]
    00149064 Cookie/Maxserving TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.maxserving.com/]
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@ccbill[2].txt
    00152401 Cookie/Belnk TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@belnk[1].txt
    00152401 Cookie/Belnk TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.belnk.com/]
    00152401 Cookie/Belnk TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.belnk.com/]
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.revenue.net/]
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.revenue.net/]
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@revenue[2].txt
    00162730 Cookie/Belnk TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@dist.belnk[2].txt
    00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@kinghost[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@com[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.com.com/]
    00167659 Cookie/TeensForCash TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@teensforcash[1].txt
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[landing.domainsponsor.com/]
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@landing.domainsponsor[1].txt
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[landing.domainsponsor.com/]
    00167677 Cookie/WebPower TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@webpower[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.z1.adserver.com/]
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.z1.adserver.com/]
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@z1.adserver[1].txt
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.z1.adserver.com/]
    00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.z1.adserver.com/]
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@toplist[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.statcounter.com/]
    00167767 Cookie/WegCash TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@programs.wegcash[2].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.perf.overture.com/]
    00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@perf.overture[1].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.perf.overture.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[ad.yieldmanager.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.apmebf.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.apmebf.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.apmebf.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.apmebf.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]

  8. #8
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    This is post 3 of 4 of the TotalScan....

    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@www.burstbeacon[1].txt
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@as-us.falkag[2].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adtech.de/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adtech.de/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adtech.de/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adtech.de/]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/33645339]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/LPintranets_busdev]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/70365536]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/33645339]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/LPintranets_busdev]
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[server.iad.liveperson.net/hc/70365536]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@stat.onestat[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.advertising.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@ads.pointroll[1].txt
    00170535 Cookie/GoClick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@c.goclick[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.overture.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.overture.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.overture.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.overture.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@realmedia[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.realmedia.com/]
    00171718 Cookie/Enhance TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[c.enhance.com/]
    00171718 Cookie/Enhance TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[c.enhance.com/]
    00171718 Cookie/Enhance TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@c.enhance[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.questionmarket.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.questionmarket.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]

  9. #9
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    Default

    This is the last post, 4 of 4, of the TotalScan ...

    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@zedo[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.zedo.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@bluestreak[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bluestreak.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.bluestreak.com/]
    00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@cs.sexcounter[2].txt
    00179779 Cookie/Errorguard TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.errorguard.com/]
    00179779 Cookie/Errorguard TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.errorguard.com/]
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@xxxcounter[1].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@bravenet[1].txt
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@adultfriendfinder[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.go.com/]
    00199983 Cookie/Valueclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.valueclick.com/]
    00199983 Cookie/Valueclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.valueclick.com/]
    00199983 Cookie/Valueclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.valueclick.com/]
    00199983 Cookie/Valueclick TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.valueclick.com/]
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@searchportal.information[1].txt
    00207712 Cookie/360i TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@ct.360i[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@did-it[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.did-it.com/]
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adviva.net/]
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.adviva.net/]
    00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
    00250251 Adware/ISearch Adware No 0 No No C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir[MTE3MTk6ODoxNg.exe]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR13\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.atwola.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@atwola[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - advanced recovery\LOSTFILE\DIR14\Mozilla\Firefox\Profiles\yu7j7aao.default\cookies.txt[.atwola.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\up5r2t7c.slt\cookies.txt[.atwola.com/]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
    00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@cgi-bin[8].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@ads.addynamix[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No F:\Active\Mail\Naveen\Jan 23 recovery\recover Jan23 - deleted recovery\LOSTFILE\DIR6\naggarwal@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@citi.bridgetrack[1].txt
    00392623 Adware/ActiveSearch Adware No 0 No No C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir[²ÜÇ\Services.dll]
    00463502 Generic Trojan Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP48\A0004228.EXE
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP47\A0004158.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP48\A0004216.com
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\user\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\user\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\6D952C06d01[327882R2FWJFW\nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP48\A0004231.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP48\A0004258.com
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\e7o1qgck.default\Cache\6D952C06d01[327882R2FWJFW\nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{79AAA868-417C-43DB-A56F-64DCD4ED93E8}\RP47\A0004183.com
    02663232 Adware/PurityScan Adware No 0 Yes No C:\qoobox\Quarantine\C\Documents and Settings\user\Application Data\FNTS~1\nοpdb.exe.vir
    02673158 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

  10. #10
    Member
    Join Date
    Nov 2007
    Location
    Toronto, Canada
    Posts
    60

    Default

    Katana,

    I forgot to ask about re-enabling my Norton realtime protection also. I assume you'd want me to keep the computer protected, so I've re-enabled Norton, but am waiting for your direction on re-enabling Teatimer in Spybot.

    Thanks,
    Citywomanpg
