razeware/trojan still on my roommates vaio

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
hey all-

my roommate got the notorious razespyware on his computer, and after following the instructions on the other razeware threads i managed to restore his desktop, and his performance is much better; however, firefox freezes whenever you open it up. avg, adaware, spybot, smitRem, ewido, spyhunter, you name it i've tried it. spyhunter and ewido always freeze when they get about half way through.

also as soon as you connect to the internet avg pops up saying there's a trojan located C:\\WINDOWS\system32\{3EEA08A2-CF98-415B-8094--079CAC8DFFF3}.exe. if you heal the virus it says it's healed, but it will pop up again sometime in the next 15-20 minutes.

thanks in advance

here's the hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 2:30:16 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\iTunes\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\DOCUME~1\BRYANB~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [exe.sonmd] C:\WINDOWS\System32\dmnos.exe
O4 - HKLM\..\Run: [exe.rremd] C:\WINDOWS\System32\dmerr.exe
O4 - HKLM\..\Run: [br0ken] teqq32.exe
O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
O4 - HKLM\..\Run: [exe.avqmd] C:\WINDOWS\System32\dmqva.exe
O4 - HKLM\..\Run: [exe.jutmd] C:\WINDOWS\System32\dmtuj.exe
O4 - HKLM\..\Run: [exe.izcmd] C:\WINDOWS\System32\dmczi.exe
O4 - HKLM\..\Run: [exe.ijsmd] C:\WINDOWS\System32\dmsji.exe
O4 - HKLM\..\Run: [exe.xfmmd] C:\WINDOWS\System32\dmmfx.exe
O4 - HKLM\..\Run: [exe.jnemd] C:\WINDOWS\System32\dmenj.exe
O4 - HKLM\..\Run: [exe.slhmd] C:\WINDOWS\System32\dmhls.exe
O4 - HKLM\..\Run: [exe.srtmd] C:\WINDOWS\System32\dmtrs.exe
O4 - HKLM\..\Run: [exe.ibumd] C:\WINDOWS\System32\dmubi.exe
O4 - HKLM\..\Run: [exe.xwbmd] C:\WINDOWS\System32\dmbwx.exe
O4 - HKLM\..\Run: [exe.qlrmd] C:\WINDOWS\System32\dmrlq.exe
O4 - HKLM\..\Run: [exe.kbtmd] C:\WINDOWS\System32\dmtbk.exe
O4 - HKLM\..\Run: [exe.jmcmd] C:\WINDOWS\System32\dmcmj.exe
O4 - HKLM\..\Run: [exe.hpemd] C:\WINDOWS\System32\dmeph.exe
O4 - HKLM\..\Run: [exe.btumd] C:\WINDOWS\System32\dmutb.exe
O4 - HKLM\..\Run: [exe.aobmd] C:\WINDOWS\System32\dmboa.exe
O4 - HKLM\..\Run: [exe.ipbmd] C:\WINDOWS\System32\dmbpi.exe
O4 - HKLM\..\Run: [exe.irwmd] C:\WINDOWS\System32\dmwri.exe
O4 - HKLM\..\Run: [exe.jjqmd] C:\WINDOWS\System32\dmqjj.exe
O4 - HKLM\..\Run: [exe.nyymd] C:\WINDOWS\System32\dmyyn.exe
O4 - HKLM\..\Run: [exe.kaqmd] C:\WINDOWS\System32\dmqak.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
O4 - HKLM\..\Run: [xsetup] forces_elite.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [wfznu.exe] C:\WINDOWS\System32\wfznu.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A6123E-9C77-4FD8-A740-AD1181456177}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{740C67F9-624F-48DE-922A-DE86C2311CC8}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.

Save FixWareOut to your Desktop

Run FixWareout and click Next>>Install
Make sure Run Fixit is checked and click Finish, then follow the onscreen prompts
Allow your computer to restart when asked to do so. Follow the prompts that appear when the computer turns back on

Go to Start>>Control Panel>>Network and Internet Connections>>Network Connections
Right-click Local Area Connection icon and select Properties
Select Internet Protocol (TCP/IP) and click Properties
Put a checkmark next to Obtain DNS server automatically if it is not selected already

Go to Start>>Run>>cmd
Type ipconfig /flushdns and hit Enter

Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here
 

sfbavier

here's the new hijackthis log.

thanks a lot by the way

Logfile of HijackThis v1.99.1
Scan saved at 6:36:31 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\iTunes\iPod\bin\iPodService.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\BRYANB~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
C:\WINDOWS\System32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [br0ken] teqq32.exe
O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
O4 - HKLM\..\Run: [xsetup] forces_elite.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [ngict.exe] C:\WINDOWS\System32\ngict.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.

Move HijackThis to a permanent folder such as your Desktop

Save KillBox to your Desktop

Restart your computer in Safe Mode

Run HijackThis and click Do a system scan only
Put a checkmark next to each of the following entries that appear:

R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [br0ken] teqq32.exe
O4 - HKLM\..\Run: [RtlFindVal] SysEntry.exe
O4 - HKLM\..\Run: [utsgmon] UserSp1.exe
O4 - HKLM\..\Run: [xsetup] forces_elite.exe
O4 - HKLM\..\Run: [ngict.exe] C:\WINDOWS\System32\ngict.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38D840B-ADAA-4180-B6D6-651DF27A3249}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\..\{E80B983B-A579-48B9-B7E3-E58C24FF5627}: NameServer = 85.255.116.57,85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57 85.255.112.156

Click Fix Checked and exit HijackThis

Run KillBox and select Delete on Reboot
Copy this list of file locations to your clipboard:

C:\Windows\system32\lockx.exe
C:\Windows\system32\teqq32.exe
C:\Windows\system32\SysEntry.exe
C:\Windows\system32\UserSp1.exe
C:\Windows\system32\forces_elite.exe
C:\WINDOWS\System32\ngict.exe
C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE
C:\Windows\system32\mozilla-text.exe
C:\Windows\system32\SysSupport.exe
C:\Windows\system32\Uint32.exe
C:\Windows\system32\backd.exe
C:\Windows\system32\uio.exe
C:\Windows\system32\KeywordFinder.exe

Go to File>>Paste from clipboard. Click All Files
Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.

Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here
 

sfbavier

new log file

Logfile of HijackThis v1.99.1
Scan saved at 7:18:46 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\iTunes\iPod\bin\iPodService.exe
C:\Documents and Settings\Bryan Baxter\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning

Save The Avenger to your Desktop

Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop.

  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in safe mode.

  • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido

Copy the contents of the following box to your clipboard:

Files to delete:
C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
C:\Windows\system32\lockx.exe
C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE
C:\Windows\system32\mozilla-text.exe
C:\Windows\system32\SysSupport.exe
C:\Windows\system32\Uint32.exe
C:\Windows\system32\backd.exe
C:\Windows\system32\KeywordFinder.exe
C:\Windows\system32\uio.exe

Run The Avenger and click OK
Select Input script manually and click the magnifying glass icon
In the View/edit script box, right-click and choose Paste
Click Done. Press the button with a picture of a green light
Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer
Post the contents of the file C:\Avenger.txt

Checkmark and fix these entries in HijackThis:
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe

Come back here and post a new HijackThis log along with the log from Ewido
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vkjtyggt

*******************

Script file located at: \??\C:\WINDOWS\System32\jfvjxytt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll not found!
Deletion of file C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll failed!

Could not process line:
C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
Status: 0xc0000034



File C:\WINDOWS\System32\lockx.exe not found!
Deletion of file C:\WINDOWS\System32\lockx.exe failed!

Could not process line:
C:\WINDOWS\System32\lockx.exe
Status: 0xc0000034



File C:\WINDOWS\System32\mozilla-text.exe not found!
Deletion of file C:\WINDOWS\System32\mozilla-text.exe failed!

Could not process line:
C:\WINDOWS\System32\mozilla-text.exe
Status: 0xc0000034



Could not open file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE for deletion
Deletion of file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE failed!

Could not process line:
C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE
Status: 0xc000003a



File C:\WINDOWS\System32\SysSupport.exe not found!
Deletion of file C:\WINDOWS\System32\SysSupport.exe failed!

Could not process line:
C:\WINDOWS\System32\SysSupport.exe
Status: 0xc0000034



File C:\WINDOWS\System32\Uint32.exe not found!
Deletion of file C:\WINDOWS\System32\Uint32.exe failed!

Could not process line:
C:\WINDOWS\System32\Uint32.exe
Status: 0xc0000034



File C:\WINDOWS\System32\backd.exe not found!
Deletion of file C:\WINDOWS\System32\backd.exe failed!

Could not process line:
C:\WINDOWS\System32\backd.exe
Status: 0xc0000034



File C:\WINDOWS\System32\KeywordFinder.exe not found!
Deletion of file C:\WINDOWS\System32\KeywordFinder.exe failed!

Could not process line:
C:\WINDOWS\System32\KeywordFinder.exe
Status: 0xc0000034



File C:\WINDOWS\System32\uio.exe not found!
Deletion of file C:\WINDOWS\System32\uio.exe failed!

Could not process line:
C:\WINDOWS\System32\uio.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
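A way to triage the log above, as an added example that is not part of the original posts: it pairs each "Could not process line" block with the name of its NTSTATUS code and checks whether the path the tool processed matches a line of the posted script. The status names come from Microsoft's ntstatus.h; the function names and the `follow_up` rule are assumptions made for this example.

```python
import re

# NTSTATUS codes seen in the posted log; names are from Microsoft's ntstatus.h.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # parent directory resolved, file absent
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory component did not resolve
}

# The "Files to delete:" script as given in the helper's post.
SCRIPT = r"""
C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
C:\Windows\system32\lockx.exe
C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE
C:\Windows\system32\mozilla-text.exe
C:\Windows\system32\SysSupport.exe
C:\Windows\system32\Uint32.exe
C:\Windows\system32\backd.exe
C:\Windows\system32\KeywordFinder.exe
C:\Windows\system32\uio.exe
"""

# Excerpt of the posted C:\Avenger.txt (three of the nine failure blocks).
LOG = r"""
File C:\WINDOWS\System32\lockx.exe not found!
Deletion of file C:\WINDOWS\System32\lockx.exe failed!

Could not process line:
C:\WINDOWS\System32\lockx.exe
Status: 0xc0000034

Could not open file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE for deletion
Deletion of file C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE failed!

Could not process line:
C:\DOCUM~1\BRYANB~1\DESKTOP\OREGON~1.EXE
Status: 0xc000003a

File C:\WINDOWS\System32\uio.exe not found!
Deletion of file C:\WINDOWS\System32\uio.exe failed!

Could not process line:
C:\WINDOWS\System32\uio.exe
Status: 0xc0000034
"""

FAIL_RE = re.compile(
    r"Could not process line:\s*\n(?P<path>.+)\n\s*Status:\s*(?P<status>0x[0-9a-fA-F]+)"
)


def parse_failures(log_text):
    """Return (path, status_int) for every failure block in the log."""
    return [(m["path"].strip(), int(m["status"], 16)) for m in FAIL_RE.finditer(log_text)]


def triage(script_text, log_text):
    """Classify each failure and flag the ones that need a second look."""
    # Windows paths are case-insensitive, so compare in lower case.
    requested = {ln.strip().lower() for ln in script_text.splitlines() if ln.strip()}
    rows = []
    for path, status in parse_failures(log_text):
        name = NTSTATUS.get(status, hex(status))
        in_script = path.lower() in requested
        rows.append({
            "path": path,
            "status": name,
            "in_script": in_script,
            # Name-not-found on a path taken verbatim from the script means there
            # was no file to delete. Anything else deserves a re-check of the path.
            "follow_up": not in_script or name != "STATUS_OBJECT_NAME_NOT_FOUND",
        })
    return rows


if __name__ == "__main__":
    for row in triage(SCRIPT, LOG):
        print(row)
```

On the excerpt, only the `OREGON~1.EXE` block is flagged: its status is path-not-found rather than name-not-found, and the processed path (`C:\DOCUM~1\...`) is not a line of the posted script (`C:\DOCUME~1\...`).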
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 8:37:55 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\iTunes\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bryan Baxter\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
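A check that the entries flagged for fixing earlier in the thread are gone from this follow-up log, as an added example that is not part of the original posts. It matches on stable identifiers (CLSIDs, and hive plus Run value name) rather than whole lines, because a leftover entry rarely has the same text as the original; the function names are assumptions made for this example.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\]")

# The entries the helper asked to have fixed, copied from the thread.
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {F6786E71-627C-263F-54BA-D95635284C83} - browsebar.dll (file missing)
R3 - URLSearchHook: (no name) - {4F1AFE59-EB9D-FDD3-57B5-E30E841890E0} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{38252E93-74ED-4B8A-B382-7D422005FB51}.dll
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [OregonTrail.exe] C:\DOCUME~1\BRYANB~1\DESKTOP\OREGON~1.EXE /r
O4 - HKCU\..\Run: [SysSupport] mozilla-text.exe
O4 - HKCU\..\Run: [utsgmon] SysSupport.exe
O4 - HKCU\..\Run: [mozilla-text] Uint32.exe
O4 - HKCU\..\Run: [InpriseMon] backd.exe
O4 - HKCU\..\Run: [control64] KeywordFinder.exe
O4 - HKCU\..\Run: [PasswdMon] uio.exe
"""

# Excerpt of the follow-up HijackThis log posted above (not the whole log).
FOLLOWUP = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
"""


def identifiers(line):
    """Stable identifiers of one HijackThis line.

    O4 Run entries are keyed by hive and value name; every other entry is keyed
    by the GUIDs it contains (a GUID used as a file name is picked up as well).
    """
    m = RUN_RE.match(line)
    if m:
        return {("run", m.group(1).upper(), m.group(2).lower())}
    return {("clsid", c.upper()) for c in CLSID_RE.findall(line)}


def lines_of(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def check_remediation(flagged_text, followup_text):
    """Split the flagged entries into (remaining, cleared).

    remaining is a list of (flagged_line, [follow-up lines sharing an identifier]).
    """
    seen = {}
    for line in lines_of(followup_text):
        for ident in identifiers(line):
            seen.setdefault(ident, line)
    remaining, cleared = [], []
    for line in lines_of(flagged_text):
        hits = sorted({seen[i] for i in identifiers(line) if i in seen})
        if hits:
            remaining.append((line, hits))
        else:
            cleared.append(line)
    return remaining, cleared


if __name__ == "__main__":
    remaining, cleared = check_remediation(FLAGGED, FOLLOWUP)
    print(f"{len(cleared)} flagged entries no longer present")
    for flagged, hits in remaining:
        print("still referenced:", flagged)
        for hit in hits:
            print("    by:", hit)
```

On the excerpt, all eight Run values and both URLSearchHook entries are gone, while the toolbar CLSID `{08BEC6AA-49FC-4379-3587-4B21E286C19E}` is still registered as an O3 entry with `(no file)`.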
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
Ewido

+ Scan result:

C:\WINDOWS\system32\{7FF001F0-8637-4F68-B75F-21322FDD5DD8}.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A237BB4F-4493-4A60-90DA-E6180EE56C78}.exe -> Adware.Msnagent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{9C33AB2D-3E76-46C8-882A-7564CAC7D06D}.exe -> Adware.Raze : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{A08F2BB7-BD5C-462D-A614-576CBDAF50C7}.dll -> Adware.SBSoft : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2389996873-3530690970-3492513417-1005\Dc6.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
C:\xz.bat -> Trojan.KillProc.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{8032F4C2-808E-45AE-851E-6085813FD7B8}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{4C69AAE0-2CC3-47CA-A98B-53FDA69D121A}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).


::Report end
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
i think that did it. everything is running fast again, and avg hasn't popped up after 20 minutes of being online.


thanks a ton
 
Joined
Jul 8, 2002
Messages
14,681
Checkmark and fix this in HijackThis:
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

Go to Start>>Control Panel>>Add or Remove Programs and uninstall any listed versions of Java
You can get the latest version from http://java.com
 

sfbavier

Thread Starter
Joined
Jul 12, 2006
Messages
9
okay...is there anything else i need to do??? everything seems to be fine

here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 8:51:30 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\iTunes\iPod\bin\iPodService.exe
C:\Documents and Settings\Bryan Baxter\Desktop\install_flash_player.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bryan Baxter\Desktop\install_flash_player.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bryan Baxter\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Registration Far Cry.LNK = C:\Program Files\Ubisoft\Crytek\Far Cry\Register\RegistrationReminder.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iTunes\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
 