
razeware/trojan still on my roommates vaio

Discussion in 'Virus & Other Malware Removal' started by sfbavier, Jul 12, 2006.

  1. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    hey all-

    my roommate got the notorious razespyware on his computer, and after following the instructions on the other razeware threads i managed to restore his desktop, and his performance is much better; however, firefox freezes whenever you open it up. avg, adaware, spybot, smitRem, ewido, spyhunter, you name it i've tried it. spyhunter and ewido always freeze when they get about half way through.

    also as soon as you connect to the internet avg pops up saying there's a trojan located C:\\WINDOWS\system32\{3EEA08A2-CF98-415B-8094--079CAC8DFFF3}.exe if you heal the virus it says it's healed but will pop up again sometime in the next 15-20 minutes.

    thanks in advance

    here's the hijackthis log file

    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:16 PM, on 7/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    D:\iTunes\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\DOCUME~1\BRYANB~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
    R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [stratas] lockx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [exe.sonmd] C:\WINDOWS\System32\dmnos.exe
    O4 - HKLM\..\Run: [exe.rremd] C:\WINDOWS\System32\dmerr.exe
    O4 - HKLM\..\Run: [br0ken] teqq32.exe
    O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
    O4 - HKLM\..\Run: [exe.avqmd] C:\WINDOWS\System32\dmqva.exe
    O4 - HKLM\..\Run: [exe.jutmd] C:\WINDOWS\System32\dmtuj.exe
    O4 - HKLM\..\Run: [exe.izcmd] C:\WINDOWS\System32\dmczi.exe
    O4 - HKLM\..\Run: [exe.ijsmd] C:\WINDOWS\System32\dmsji.exe
    O4 - HKLM\..\Run: [exe.xfmmd] C:\WINDOWS\System32\dmmfx.exe
    O4 - HKLM\..\Run: [exe.jnemd] C:\WINDOWS\System32\dmenj.exe
    O4 - HKLM\..\Run: [exe.slhmd] C:\WINDOWS\System32\dmhls.exe
    O4 - HKLM\..\Run: [exe.srtmd] C:\WINDOWS\System32\dmtrs.exe
    O4 - HKLM\..\Run: [exe.ibumd] C:\WINDOWS\System32\dmubi.exe
    O4 - HKLM\..\Run: [exe.xwbmd] C:\WINDOWS\System32\dmbwx.exe
    O4 - HKLM\..\Run: [exe.qlrmd] C:\WINDOWS\System32\dmrlq.exe
    O4 - HKLM\..\Run: [exe.kbtmd] C:\WINDOWS\System32\dmtbk.exe
    O4 - HKLM\..\Run: [exe.jmcmd] C:\WINDOWS\System32\dmcmj.exe
    O4 - HKLM\..\Run: [exe.hpemd] C:\WINDOWS\System32\dmeph.exe
    O4 - HKLM\..\Run: [exe.btumd] C:\WINDOWS\System32\dmutb.exe
    O4 - HKLM\..\Run: [exe.aobmd] C:\WINDOWS\System32\dmboa.exe
    O4 - HKLM\..\Run: [exe.ipbmd] C:\WINDOWS\System32\dmbpi.exe
    O4 - HKLM\..\Run: [exe.irwmd] C:\WINDOWS\System32\dmwri.exe
    O4 - HKLM\..\Run: [exe.jjqmd] C:\WINDOWS\System32\dmqjj.exe
    O4 - HKLM\..\Run: [exe.nyymd] C:\WINDOWS\System32\dmyyn.exe
    O4 - HKLM\..\Run: [exe.kaqmd] C:\WINDOWS\System32\dmqak.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
    O4 - HKLM\..\Run: [xsetup] forces_elite.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [wfznu.exe] C:\WINDOWS\System32\wfznu.exe
    O4 - HKLM\..\RunServices: [stratas] lockx.exe
    O4 - HKCU\..\Run: [stratas] lockx.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
    O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
    O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
    O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - HKCU\..\Run: [InpriseMon] backd.exe
    O4 - HKCU\..\Run: [control64] KeywordFinder.exe
    O4 - HKCU\..\Run: [PasswdMon] uio.exe
    O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57A6123E-9C77-4FD8-A740-AD1181456177}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{740C67F9-624F-48DE-922A-DE86C2311CC8}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Please save or print these instructions before beginning.

    Save FixWareOut to your Desktop

    Run FixWareout and click Next>>Install
    Make sure Run Fixit is checked and click Finish, then follow the onscreen prompts
    Allow your computer to restart when asked to do so. Follow the prompts that appear when the computer turns back on

    Go to Start>>Control Panel>>Network and Internet Connections>>Network Connections
    Right-click Local Area Connection icon and select Properties
    Select Internet Protocol (TCP/IP) and click Properties
    Put a checkmark next to Obtain DNS server automatically if it is not selected already

    Go to Start>>Run>>cmd
    Type ipconfig /flushdns and hit Enter

    Run HijackThis and click Do a system scan and save a log file
    Your HijackThis log will open in Notepad. Post the contents of the log here
     
  3. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    here's the new hijackthis log.

    thanks a lot by the way

    Logfile of HijackThis v1.99.1
    Scan saved at 6:36:31 PM, on 7/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    D:\iTunes\iPod\bin\iPodService.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\DOCUME~1\BRYANB~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\imapi.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
    R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [stratas] lockx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [br0ken] teqq32.exe
    O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
    O4 - HKLM\..\Run: [xsetup] forces_elite.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [ngict.exe] C:\WINDOWS\System32\ngict.exe
    O4 - HKLM\..\RunServices: [stratas] lockx.exe
    O4 - HKCU\..\Run: [stratas] lockx.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
    O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
    O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
    O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
    O4 - HKCU\..\Run: [InpriseMon] backd.exe
    O4 - HKCU\..\Run: [control64] KeywordFinder.exe
    O4 - HKCU\..\Run: [PasswdMon] uio.exe
    O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
     
  4. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Please save or print these instructions before beginning.

    Move HijackThis to a permanent folder such as your Desktop

    Save KillBox to your Desktop

    Restart your computer in Safe Mode

    Run HijackThis and click Do a system scan only
    Put a checkmark next to each of the following entries that appear:

    R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
    R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
    O4 - HKLM\..\Run: [stratas] lockx.exe
    O4 - HKLM\..\Run: [br0ken] teqq32.exe
    O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
    O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
    O4 - HKLM\..\Run: [xsetup] forces_elite.exe
    O4 - HKLM\..\Run: [ngict.exe] C:\WINDOWS\System32\ngict.exe
    O4 - HKLM\..\RunServices: [stratas] lockx.exe
    O4 - HKCU\..\Run: [stratas] lockx.exe
    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
    O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
    O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
    O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
    O4 - HKCU\..\Run: [InpriseMon] backd.exe
    O4 - HKCU\..\Run: [control64] KeywordFinder.exe
    O4 - HKCU\..\Run: [PasswdMon] uio.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156

    Click Fix Checked and exit HijackThis

    Run KillBox and select Delete on Reboot
    Copy this list of file locations to your clipboard:

    C:\Windows\system32\lockx.exe
    C:\Windows\system32\teqq32.exe
    C:\Windows\system32\SysEntry.exe
    C:\Windows\system32\UserSp1.exe
    C:\Windows\system32\forces_elite.exe
    C:\Windows\system32\C:\WINDOWS\System32\ngict.exe
    C:\Windows\system32\C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE
    C:\Windows\system32\mozilla-text.exe
    C:\Windows\system32\SysSupport.exe
    C:\Windows\system32\Uint32.exe
    C:\Windows\system32\backd.exe
    C:\Windows\system32\uio.exe
    C:\Windows\system32\KeywordFinder.exe
    Go to File>>Paste from clipboard. Click All Files
    Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
    Run HijackThis and click Do a system scan and save a log file
    Your HijackThis log will open in Notepad. Post the contents of the log here
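
Added example, not part of the thread and not HijackThis code: a Python script that checks a follow-up HijackThis log against a fix list like the one in the post above, and tallies the NameServer values set in O17 lines (the DNS settings the earlier reply resets). The function names are made up for this example; the sample text is a short excerpt of lines copied from this thread's logs.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "R3", "O4", "O17"
    body: str   # everything after "<code> - "


# A result line is "<letter><1-2 digits> - <text>"; headers and the
# "Running processes" paths (C:\...) do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return the result lines of a HijackThis log as Entry tuples, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def entry_key(entry):
    """Comparison key: section code plus body with case and spacing normalised."""
    return (entry.code, " ".join(entry.body.split()).lower())


def still_present(fix_list_text, later_log_text):
    """Entries from the fix list that appear again in a later log."""
    later = {entry_key(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in later]


def static_nameservers(log_text):
    """Map each address found in O17 NameServer values to the number of
    O17 entries that set it (values are comma- or space-separated)."""
    counts = {}
    for entry in parse_entries(log_text):
        if entry.code != "O17":
            continue
        match = NAMESERVER_RE.search(entry.body)
        if not match:
            continue
        for address in re.split(r"[,\s]+", match.group(1).strip()):
            if address:
                counts[address] = counts.get(address, 0) + 1
    return counts


# Excerpt of the fix list posted above (lines copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [br0ken] teqq32.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
"""

# Excerpt of the 7:18:46 PM follow-up log from the thread.
FOLLOW_UP_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOW_UP_LOG):
        print("still present:", entry.code, "-", entry.body)
    print("NameServer values before:", static_nameservers(FIX_LIST))
    print("NameServer values after: ", static_nameservers(FOLLOW_UP_LOG))
```
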
     
  5. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    new log file

    Logfile of HijackThis v1.99.1
    Scan saved at 7:18:46 PM, on 7/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    D:\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    D:\iTunes\iPod\bin\iPodService.exe
    C:\Documents and Settings\Bryan Baxter\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
    R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [stratas] lockx.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
    O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
    O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
    O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
    O4 - HKCU\..\Run: [InpriseMon] backd.exe
    O4 - HKCU\..\Run: [control64] KeywordFinder.exe
    O4 - HKCU\..\Run: [PasswdMon] uio.exe
    O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Please save or print these instructions before beginning

    Save The Avenger to your Desktop

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop.

    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in safe mode.

    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido

    Copy the contents of the following box to your clipboard:
    Run The Avenger and click OK
    Select Input script manually and click the magnifying glass icon
    In the View/edit script box, right-click and choose Paste
    Click Done. Press the button with a picture of a green light
    Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer
    Post the contents of the file C:\Avenger.txt

    Checkmark and fix these entries in HijackThis:
    R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
    R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
    O4 - HKCU\..\Run: [stratas] lockx.exe
    O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
    O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
    O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
    O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
    O4 - HKCU\..\Run: [InpriseMon] backd.exe
    O4 - HKCU\..\Run: [control64] KeywordFinder.exe
    O4 - HKCU\..\Run: [PasswdMon] uio.exe

    Come back here and post a new HijackThis log along with the log from Ewido
     
  7. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    Avenger

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vkjtyggt

    *******************

    Script file located at: \??\C:\WINDOWS\System32\jfvjxytt.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll not found!
    Deletion of file C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll failed!

    Could not process line:
    C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
    Status: 0xc0000034



    File C:\WINDOWS\System32\lockx.exe not found!
    Deletion of file C:\WINDOWS\System32\lockx.exe failed!

    Could not process line:
    C:\WINDOWS\System32\lockx.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\mozilla-text.exe not found!
    Deletion of file C:\WINDOWS\System32\mozilla-text.exe failed!

    Could not process line:
    C:\WINDOWS\System32\mozilla-text.exe
    Status: 0xc0000034



    Could not open file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE for deletion
    Deletion of file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE failed!

    Could not process line:
    C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE
    Status: 0xc000003a



    File C:\WINDOWS\System32\SysSupport.exe not found!
    Deletion of file C:\WINDOWS\System32\SysSupport.exe failed!

    Could not process line:
    C:\WINDOWS\System32\SysSupport.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\Uint32.exe not found!
    Deletion of file C:\WINDOWS\System32\Uint32.exe failed!

    Could not process line:
    C:\WINDOWS\System32\Uint32.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\backd.exe not found!
    Deletion of file C:\WINDOWS\System32\backd.exe failed!

    Could not process line:
    C:\WINDOWS\System32\backd.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\KeywordFinder.exe not found!
    Deletion of file C:\WINDOWS\System32\KeywordFinder.exe failed!

    Could not process line:
    C:\WINDOWS\System32\KeywordFinder.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\uio.exe not found!
    Deletion of file C:\WINDOWS\System32\uio.exe failed!

    Could not process line:
    C:\WINDOWS\System32\uio.exe
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
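
The Avenger log above reports two different NTSTATUS codes, and the one path that fails with 0xc000003a is spelled differently from its HijackThis O4 entry. The following is an added example, not part of the original post or of either tool: a small triage script that decodes the status codes and cross-checks each failed path against the HijackThis Run entries. The function names are hypothetical and the embedded logs are excerpts copied from this thread.

```python
import re
from difflib import get_close_matches

# NTSTATUS values seen in the Avenger log above (names as defined in ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # directory exists, file does not
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory in the path does not exist
}

# Excerpt of the Avenger log from this thread (two of the nine failure blocks).
AVENGER_LOG = r"""
File C:\WINDOWS\System32\lockx.exe not found!
Deletion of file C:\WINDOWS\System32\lockx.exe failed!

Could not process line:
C:\WINDOWS\System32\lockx.exe
Status: 0xc0000034

Could not open file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE for deletion
Deletion of file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE failed!

Could not process line:
C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE
Status: 0xc000003a
"""

# The matching O4 entries from the first HijackThis log in this thread.
HIJACKTHIS_LOG = r"""
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
"""

FAILED_RE = re.compile(
    r"Could not process line:\s*\n\s*(?P<path>\S.*?)\s*\n\s*"
    r"Status:\s*(?P<status>0x[0-9a-fA-F]+)"
)
O4_RE = re.compile(
    r"^\s*O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$",
    re.M,
)
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|scr))(?=["\s]|$)', re.I)


def parse_avenger_failures(log):
    """Return [(path, status_int)] for every script line Avenger could not process."""
    return [(m["path"], int(m["status"], 16)) for m in FAILED_RE.finditer(log)]


def run_targets(hjt_log):
    """Map Run value name -> executable exactly as listed (may be a bare file name)."""
    targets = {}
    for m in O4_RE.finditer(hjt_log):
        exe = EXE_RE.match(m["cmd"])
        if exe:
            targets[m["name"]] = exe.group(1)
    return targets


def triage(avenger_log, hjt_log):
    """Explain each Avenger failure using the HijackThis Run entries as reference."""
    listed = list(run_targets(hjt_log).values())
    full_paths = [p for p in listed if "\\" in p]
    bare_names = {p.lower() for p in listed if "\\" not in p}
    findings = []
    for path, status in parse_avenger_failures(avenger_log):
        basename = path.rsplit("\\", 1)[-1].lower()
        if status == 0xC000003A:
            # A directory component is wrong: look for a near-identical listed path.
            near = get_close_matches(path, full_paths, n=1, cutoff=0.8)
            if near and near[0] != path:
                note = f"path differs from listed entry {near[0]}"
            else:
                note = "a directory in the path does not exist"
        elif basename in bare_names:
            # HijackThis showed only a file name, so the directory is unconfirmed.
            note = "Run entry gives no directory; file may be elsewhere or already removed"
        else:
            note = "file absent at this path"
        findings.append(
            {"path": path, "status": NTSTATUS.get(status, hex(status)), "note": note}
        )
    return findings


if __name__ == "__main__":
    for f in triage(AVENGER_LOG, HIJACKTHIS_LOG):
        print(f"{f['status']:<30} {f['path']}\n    {f['note']}")
```
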
     
  8. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 8:37:55 PM, on 7/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    D:\iTunes\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bryan Baxter\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
     
  9. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    Ewido

    + Scan result:

    C:\WINDOWS\system32\{7FF001F0-8637-4F68-B75F-21322FDD5DD8}.exe -> Adware.Casino : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{0012F999-20D9-4D25-8DC6-8705AE2BE0A3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{022951CF-E4D8-4D8A-9333-2AA7C5B8E8A2}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{04A1E17D-0836-41B6-9764-13700893D89A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{06CD0378-9466-41AE-BCA0-A93102EBA7B5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{0BF3D3B6-5AB1-45B3-A86F-FB32651D9398}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{0F0610B0-4273-4577-AA28-9D448E88728B}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{0F779B94-86A7-4C57-852C-1006DC8EC462}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{169AC1E3-EDB6-417C-8901-0138F48D0623}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{173AACEA-E98A-4D6A-8D21-0C669F0C6A76}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{1A0C99A4-FF69-4E2E-9BB9-D3861434DBC7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{1A6CB3B3-39D9-428E-A0CA-A0B18245442D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{1B0B7F83-9701-49CA-AF36-B0021F54A9DF}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{1B1584B4-1531-4294-8FD8-5CFD6B72C2AA}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{23739F93-059A-4920-9CFD-9301ACFD198F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{25B9B01D-0360-4D94-928B-B53F8D3B02D4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{29AAAA44-5F9A-4E0C-BD2C-D7FA6F9A60C6}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{2F023D47-E248-436C-8B9A-FBE6A70EAA9F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{31E299FB-7DDB-4905-9AF0-E15AB6A40179}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{33B847DF-B1FE-41CF-B89B-2A15421F488A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{34F6E198-203D-42C7-8300-8688915AC151}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3AAC8DB4-1C4E-4289-9ED2-057C8355114F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3B84EEEC-8EB1-451D-9625-A3E2C2BA2C79}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3C5681C2-1B8C-4052-B008-BE12260AD217}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3C63EEFA-EC03-4F91-B9B8-D2F87745DCF4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3C8B764A-699E-4B8A-8F57-420A4E67A179}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3CF31705-2C5D-4118-8BCB-AF793DA68057}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3D68A2EE-48C6-4016-B0A9-B88FDE829A37}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{3DDCB1DF-36E0-4F9C-9B0E-9AB6453F15E5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{41A143C5-1AF1-4DF0-98DF-E99B8168B5D8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{431B1F9C-1EF6-43B9-80F9-FA123B08434A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{459147D2-4F8B-45E4-8544-0B8EC205DE46}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{45CDBA50-4198-4F20-868D-1A8839D3C452}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{47B73156-B008-4167-B17C-C9E6E4C522AE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{4A32B57A-DD99-43F2-9668-54C9DEACFCD1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{4A540303-1255-45E6-9072-6E316D11DE0E}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{4D3E5B04-E573-4375-9AA3-8BD78004FFD8}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{4E7F0F8A-2703-46AB-B928-2B4DE925AF46}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{50140D44-7E30-4D25-A0B1-E18D15D78900}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{52F72B74-1C46-4101-A0A6-95D2461BFF17}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{5376A7EE-493A-4EE2-AE48-1E82EC96ED64}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{552A9443-0260-435D-B6FF-5916B7490B1D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{580D057D-5EA7-4021-8F8A-82CF7A0C09E3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{5A527A91-3449-4A87-9BA3-E6E451732571}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{5AA06B27-87B8-41DA-9CF8-A8DC11F69DC4}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{5C25AAE2-82A1-41AC-ACE5-592E36968C3D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{5FE004C1-0F95-4FEC-AF94-CD42F4A71F96}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{63304B38-8646-4BB0-BD8C-352435616E1C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{6765EC24-98D9-4355-A05A-53E386F9281C}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{686D4EF3-BB0E-4A91-8F6D-1FBB213B1D14}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{68955578-1C5D-419C-A340-B0F4809543F5}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{690099A3-091A-40CB-8537-4DF82CEAD7E3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{6D8B501F-5427-4A79-A453-0CE74EE47161}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{78226FFC-3D23-4BE5-AF88-94C40A2C4995}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{7BF7895C-E7E8-45FE-85B7-C48DD10F22D3}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{7FFD7607-3C51-433B-B551-5388BDBC1681}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{82A28FBB-06AE-4EEB-B4C5-6974471A24A0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{82BE6D4E-5A0F-43E9-ADCC-9772E8A04012}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{83CEF1E7-410E-425D-89FF-F83E317A3D15}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{85D00F1A-057E-41FA-B9FD-FD0500BE72F7}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{87EA6F54-DD84-48CE-B2E0-223281C08EBE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{8EEEFBD0-08E9-412C-84F0-554CBA102B06}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{8FCA084F-76CD-4E8E-96DA-6C2836150AC1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{912B6B24-D31B-45E9-A4FB-44A274173261}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{9646C0A0-B845-4D6F-83AB-F65522DD52CE}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{9C737D55-7262-4B1F-B4EF-AB21E7169979}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{9DAA8AC9-E01E-49D8-A6D9-7B188EC74185}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{9DE22584-C6FE-46F3-818C-8D0056F089F1}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{A2443D4B-A5F0-4A81-848E-E128A4A4ED13}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{A4FF43B0-14DD-4DCD-AB56-8DF8E88839FD}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{A877E585-4C7A-4FD5-9A55-3732F3FEEC10}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{AB7F40CF-5236-4C61-8042-B2255CF2275A}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{B0E230A5-C62B-41C6-BCFB-25909F70CC5F}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{B227F20F-5B3B-4699-8102-C0E08C92B057}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{B2FCDF35-A59B-4A0D-9509-9BAD4B99091D}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{B70A1CE0-2F8B-4CB3-8AEA-8D967FC043A0}.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
     
  10. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    C:\xz.bat -> Trojan.KillProc.a : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{8032F4C2-808E-45AE-851E-6085813FD7B8}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\{4C69AAE0-2CC3-47CA-A98B-53FDA69D121A}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).


    ::Report end
     
  11. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    I think that did it. Everything is running fast again, and AVG hasn't popped up after 20 minutes of being online.


    Thanks a ton
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Checkmark and fix this in HijackThis:
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

    Go to Start >> Control Panel >> Add or Remove Programs and uninstall any listed versions of Java.
    You can get the latest version from http://java.com
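
The O3 entry singled out in the reply above ends in `(no file)`, HijackThis's marker for a registry reference whose target file is not on disk. The following is an added example, not part of the thread and not HijackThis's own code: a small Python triage that flags such orphaned entries, plus the GUID-named binaries in `system32` that the scanners in this thread kept detecting. The function and class names are hypothetical, and the all-zero GUID process line is constructed; the other sample lines are copied from the thread's logs.

```python
import re
from dataclasses import dataclass

# Meaning of the section codes that occur in this thread's logs.
SECTIONS = {
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry",
    "O8": "context-menu item",
    "O9": "extra button or Tools menu item",
    "PROC": "running process",  # label used by this script, not by HijackThis
}

# "O3 - Toolbar: ..." -> section code and the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
# Trailing marker HijackThis prints when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
# Executable or DLL in system32 whose whole name is a brace-wrapped GUID.
GUID_BINARY_RE = re.compile(
    r"\\system32\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.(?:exe|dll)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    section: str  # HijackThis code, or "PROC" for a running-process line
    kind: str     # human-readable meaning of the section
    reason: str   # "orphaned" or "guid-named-binary"
    line: str     # the log line as written


def triage(log_text):
    """Return findings for orphaned entries and GUID-named system32 binaries."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            section, body = match.group(1), match.group(2)
        elif in_processes:
            section, body = "PROC", line
        else:
            continue  # header lines such as "Scan saved at ..."
        kind = SECTIONS.get(section, "other section")
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, kind, "orphaned", line))
        if GUID_BINARY_RE.search(body):
            findings.append(Finding(section, kind, "guid-named-binary", line))
    return findings


# Sample input: the second process line is constructed (all-zero GUID);
# the O2/O3/O4/O9 lines are copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\{00000000-0000-0000-0000-000000000000}.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.section} ({finding.kind}): {finding.line}")
```

An "orphaned" finding is a leftover reference for a helper to review, not proof of infection; the BitDefender uninstall button in the later log is flagged for the same reason.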
     
  13. sfbavier

    sfbavier Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    9
    Okay... is there anything else I need to do??? Everything seems to be fine.

    Here's the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:51:30 PM, on 7/13/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    D:\iTunes\iPod\bin\iPodService.exe
    C:\Documents and Settings\Bryan Baxter\Desktop\install_flash_player.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bryan Baxter\Desktop\install_flash_player.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bryan Baxter\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
     
  14. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Everything else looks ok (y)
     
Short URL to this thread: https://techguy.org/482614
