Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse Small.P [RESOLVED]

Started by wayorx , Jun 16 2008 02:23 PM

  • This topic is locked This topic is locked

#1
wayorx
Posted 16 June 2008 - 02:23 PM

wayorx

    New Member

  • Member
  • Pip
  • 8 posts
The AVG scanner shows that

Trojan Horse Small.P

is located at:

C: Program Files/Driliuj/Mrbxbg.exe

and I think it copied itself in a backup system restore:

C:\System Value Information\_restore(F6....etc)\RP224\A0026649.exe

It can not Heal it.


Here is the Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:02 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Documents and Settings\Cody P\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe
C:\Documents and Settings\Cody P\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Cody P\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\DOCUME~1\CODYP\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\DOCUME~1\CODYP\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204119399531
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/o...e/bin/setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Cody P\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11388 bytes


I really appreciate what you guys do !

Can't get rid of this !
  • 0

Advertisements

#2
eddie5659
Posted 21 June 2008 - 11:19 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hello wayorx, and welcome to Geeks to Go! :)

Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

This will likely be a few steps process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Regards

eddie
  • 0

#3
wayorx
Posted 22 June 2008 - 12:36 PM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
HI Eddie, My name is Eddie Too ! How cool !

thanks again for all the help, here goes:

Main.txt


Deckard's System Scanner v20071014.68
Run by Cody Pace on 2008-06-22 13:29:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-06-22 18:29:14 UTC - RP437 - Deckard's System Scanner Restore Point
38: 2008-06-21 19:40:00 UTC - RP436 - System Checkpoint
37: 2008-06-20 08:02:13 UTC - RP435 - Software Distribution Service 3.0
36: 2008-06-20 01:52:41 UTC - RP434 - System Checkpoint
35: 2008-06-18 23:51:57 UTC - RP433 - System Checkpoint


-- First Restore Point --
1: 2008-03-25 10:38:57 UTC - RP399 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Cody Pace.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:36 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe
C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cody Pace\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Cody Pace.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204119399531
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/o...e/bin/setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11431 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys <Not Verified; Dolphin, Inc.; Dolphin Keyboard Filter>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 02:08:12 378 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2100-02-23 14:35:34 768 --a------ C:\WINDOWS\x73_lut.dat
2008-06-16 14:44:49 0 d-------- C:\Program Files\Trend Micro
2008-06-16 14:23:28 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\Malwarebytes
2008-06-16 14:23:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 14:23:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 14:23:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-16 13:55:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-16 13:55:02 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\skypePM
2008-06-16 13:53:31 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\Skype
2008-06-16 13:53:06 0 d-------- C:\Program Files\Skype
2008-06-16 13:53:06 0 d-------- C:\Program Files\Common Files\Skype
2008-06-16 13:52:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-16 12:54:38 0 d-------- C:\WINDOWS\pss
2008-06-16 12:50:18 0 dr-h----- C:\Documents and Settings\Cody Pace\Recent
2008-06-13 11:42:42 0 d-------- C:\Program Files\MetaTrader Manager 4
2008-06-05 21:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-05 21:54:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-30 17:49:50 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\My Games
2008-05-30 16:47:48 0 d-------- C:\Program Files\Varengold Fox
2008-05-30 16:28:35 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\Stellarium
2008-05-30 16:27:19 0 d-------- C:\Program Files\Stellarium
2008-05-30 16:05:17 0 d-------- C:\Program Files\Firaxis Games


-- Find3M Report ---------------------------------------------------------------

2008-06-22 13:27:21 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\OpenOffice.org2
2008-06-22 13:27:02 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-06-16 21:44:43 0 d-------- C:\Program Files\Autochartist <AUTOCH~1>
2008-06-16 14:23:06 0 d-------- C:\Program Files\Common Files
2008-06-16 13:07:31 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\AVG7
2008-06-16 13:04:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-11 22:04:11 0 d-------- C:\Program Files\eToro
2008-06-05 21:52:42 0 d-------- C:\Documents and Settings\Cody Pace\Application Data\AdobeUM
2008-05-30 18:15:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 16:01:32 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-30 15:45:16 0 d--h----- C:\Program Files\Zero G Registry
2008-05-30 15:42:27 0 d-------- C:\Program Files\Bodog Poker
2008-05-30 15:30:42 0 d-------- C:\Program Files\Support.com
2008-05-30 15:30:24 0 d-------- C:\Program Files\Finex ProTrader
2008-05-30 15:30:22 0 d-------- C:\Program Files\DivX
2008-05-30 15:29:33 0 d-------- C:\Program Files\Common Files\AOL
2008-04-23 17:44:00 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 07:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/29/2004 10:15 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 08:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [07/16/2004 02:17 PM]
"SoundMan"="SOUNDMAN.EXE" [11/02/2004 05:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [11/29/2004 05:00 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [10/13/2004 07:00 PM C:\WINDOWS\ALCMTR.EXE]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [11/15/2005 01:12 PM]
"AVG7_CC"="C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe" [04/18/2008 07:24 PM]
"!AVG Anti-Spyware"="C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 09:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/13/2007 10:47 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/13/2007 10:47 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 10:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/25/2007 08:25 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"AVG7_Run"=C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgw.exe /RUNONCE

C:\Documents and Settings\Cody Pace\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-06-22 13:31:32 ------------


EXTRA.TXT


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.73 MiB / 520.11 MiB
Pagefile Memory (total/avail): 2441.89 MiB / 1950.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.44 MiB

C: is Fixed (NTFS) - 179.31 GiB total, 155.4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-98HBB0 - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 7 GiB
\PARTITION1 (bootable) - Installable File System - 179.31 GiB - C:

\\.\PHYSICALDRIVE2 - Sony CF Reader USB Device

\\.\PHYSICALDRIVE1 - Sony MS Reader USB Device

\\.\PHYSICALDRIVE4 - Sony SD/MMC Reader USB Device

\\.\PHYSICALDRIVE3 - Sony SM/xD Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1125364887\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125364887\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avginet.exe"="C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgamsvr.exe"="C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgcc.exe"="C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgemc.exe"="C:\\Documents and Settings\\Cody Pace\\Desktop\\AVG AntiV\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Cody Pace\\Desktop\\E-Signal\\winros.exe"="C:\\Documents and Settings\\Cody Pace\\Desktop\\E-Signal\\winros.exe:*:Enabled:eSignal Data Manager"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1125364887\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125364887\\ee\\AOLServiceHost.exe:*:Disabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Cody Pace\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THECOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Cody Pace
LOGONSERVER=\\THECOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CODYPA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CODYPA~1\LOCALS~1\Temp
USERDOMAIN=THECOMPUTER
USERNAME=Cody Pace
USERPROFILE=C:\Documents and Settings\Cody Pace
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Cody Pace (admin)
Laura Cortez (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> Dummy
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACM Forex Trading Platform --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://[email protected]"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Agere Systems PCI Soft Modem --> agrsmdel
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autochartist --> MsiExec.exe /I{AB9B175B-6AE4-450D-868B-02DD0BBB5D34}
AVG 7.5 --> C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Click to DVD 2.0.03 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.4.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Dell Printer Software Uninstall --> C:\Program Files\Dell_HostCD\Install\Uninstall.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
eToro --> C:\PROGRA~1\eToro\UNWISE.EXE C:\PROGRA~1\eToro\INSTALL.LOG
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
ForexCharts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{715F50DE-2BFB-4AC7-BB09-3FAE6AF3307E}\setup.exe" -l0x9 -uninst -removeonly
FOREXTrader --> rundll32.exe dfshim.dll,ShArpMaintain ForexTrader.application, Culture=neutral, PublicKeyToken=41a4e5181e81a918, processorArchitecture=msil
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBFX - CPR --> MsiExec.exe /I{28154F98-6A45-4E6F-AB2A-C24B09ECEF1F}
IBFX - Rocks --> C:\Program Files\Interbank FX Trader 4\uninstall.exe
IBFX - Waves --> C:\Program Files\Interbank FX Trader 4\uninstall.exe
Image Converter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9155A84B-A94B-496E-9661-9978EB0CBC7C}\Setup.exe" /UNINSTALL
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Lexmark X73 --> C:\Program Files\LexmarkX73\RemoveX73.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
MetaTrader Manager 4.00 --> "C:\Program Files\MetaTrader Manager 4\Uninstall.exe" "C:\Program Files\MetaTrader Manager 4\metatradermanager.log"
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (VAIO_VEDB) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Movielink eHome version 1.1 --> "C:\Program Files\Movielink\eHome\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MTV Networks Video Optimizer --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4E505C7D-6176-411C-A513-9E7FECBC9CE5}
Netscape Internet Service Setup --> "C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
SAM Office 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B21BF93F-14EE-44EA-9689-42EE54ADA276}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony TV Tuner Library 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}\Setup.exe" -l0x9 UNINSTALL
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Stellarium 0.9.1 --> "C:\Program Files\Stellarium\unins000.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) --> C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\Setup.exe" -l0x9
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Media 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Original Screen Saver VAIO Motion SD Wide Contents --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51735133-A296-4EB0-BF16-AD93B55BD000}\setup.exe" -l0x9
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Structure Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E158BB9-37B9-464B-837E-CC1D5766291B}\setup.exe" -l0x9 -removeonly
Varengold Fox 4.00 --> "C:\Program Files\Varengold Fox\Uninstall.exe" "C:\Program Files\Varengold Fox\install.log"
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895198 --> C:\WINDOWS\$NtUninstallKB895198$\spuninst\spuninst.exe
WinRAR archiver --> C:\Documents and Settings\Cody Pace\Desktop\VLC Player\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6364 / Warning
Event Submitted/Written: 06/22/2008 01:27:08 PM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type6354 / Warning
Event Submitted/Written: 06/22/2008 01:40:43 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type6345 / Warning
Event Submitted/Written: 06/20/2008 04:10:11 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type6339 / Error
Event Submitted/Written: 06/19/2008 00:24:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6334 / Warning
Event Submitted/Written: 06/17/2008 04:59:59 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15059 / Warning
Event Submitted/Written: 06/21/2008 01:42:31 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001111E4EC78. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type15019 / Warning
Event Submitted/Written: 06/18/2008 00:02:32 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type15015 / Warning
Event Submitted/Written: 06/17/2008 11:36:18 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type14892 / Warning
Event Submitted/Written: 06/16/2008 00:03:02 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type14890 / Warning
Event Submitted/Written: 06/15/2008 00:44:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001111E4EC78. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-22 13:31:32 ------------
  • 0

#4
eddie5659
Posted 24 June 2008 - 10:43 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Excellent, always nice to find people with the same name :)


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then post the MBAM< SAS and a fresh HijackThis log :)

eddie
  • 0

#5
wayorx
Posted 25 June 2008 - 09:31 AM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the MBAM -

Malwarebytes' Anti-Malware 1.17
Database version: 862

10:27:34 AM 6/25/2008
mbam-log-6-25-2008 (10-27-34).txt

Scan type: Quick Scan
Objects scanned: 50892
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
wayorx
Posted 25 June 2008 - 10:42 AM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2008 at 11:36 AM

Application Version : 4.15.1000

Core Rules Database Version : 3490
Trace Rules Database Version: 1481

Scan type : Complete Scan
Total Scan Time : 00:58:46

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 6115
Registry threats detected : 2
File items scanned : 124453
File threats detected : 120

Adware.Tracking Cookie
C:\Documents and Settings\Cody Pace\Cookies\cody pace@247realmedia[1].txt
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
tag.adknowledge.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.network.realmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.smartadserver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.socialmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.socialmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.socialmedia.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.fls.doubleclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.fls.doubleclick.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
click.fspeletters.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
click.fspeletters.com [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.clickbank.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.pandasoftware.112.2o7.net [ C:\Documents and Settings\Cody Pace\Application Data\Mozilla\Firefox\Profiles\ne1c323h.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.glb.adtechus.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\oxc0qkam.default\cookies.txt ]
C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@adknowledge[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@adserver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adtech[1].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
C:\Documents and Settings\Guest\Cookies\guest@banner[2].txt
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@insightexpressai[2].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@revenue[1].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@smartadserver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@specificclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[2].txt
C:\Documents and Settings\Guest\Cookies\guest@weborama[1].txt
C:\Documents and Settings\Guest\Cookies\guest@xiti[1].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
creativeby.viewpoint.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.adknowledge.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.screensavers.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.i.screensavers.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.i.screensavers.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.www4.addfreestats.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.vhost.oddcast.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.intellisrv.net [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.belnk.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\Laura Cortez\Application Data\Mozilla\Firefox\Profiles\jiim3fwt.default\cookies.txt ]
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@adecn[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@adknowledge[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@adrevolver[3].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@adserver[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@adserver[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@apmebf[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@atwola[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@azjmp[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@bannerspace[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@banner[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@belnk[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@emarketmakers[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@insightexpressai[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@insightexpresserdd[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@interclick[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@kanoodle[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@keywordmax[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@maxserving[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@nextag[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@oddcast[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@onlinerewardcenter[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@pathfinder[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@qnsr[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@screensavers[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@smileycentral[2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura cortez@tripod[1].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@2o7[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@adknowledge[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@adrevolver[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@adrevolver[3].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@adserver[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@advertising[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@atdmt[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@atwola[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@banner[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@belnk[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@burstnet[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@casalemedia[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@doubleclick[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@fastclick[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@hitbox[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@insightexpressai[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@insightexpresserdd[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@mediaplex[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@questionmarket[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@realmedia[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@tacoda[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@tradedoubler[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@trafficmp[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@tribalfusion[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@valueclick[2].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura [email protected][1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@xiti[1].txt
C:\Documents and Settings\Laura Cortez\Local Settings\Temp\Cookies\laura cortez@zedo[2].txt

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-4114926094-2440512121-57763163-1005\Software\Microsoft\Internet Explorer\Main#BandRest [ ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ ]
  • 0

#7
wayorx
Posted 25 June 2008 - 10:43 AM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:30 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe
C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204119399531
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/o...e/bin/setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\DOCUME~1\CODYPA~1\Desktop\AVGANT~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11658 bytes
  • 0

#8
eddie5659
Posted 29 June 2008 - 09:00 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Can't see much there, but is AVG still detecting the trojan?

Lets see if its hidden somewhere:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
  • 0

#9
wayorx
Posted 30 June 2008 - 12:07 PM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank You !, here is the gmer log...

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-30 13:06:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 86160368 ZwConnectPort
SSDT \??\C:\Documents and Settings\Cody Pace\Desktop\AVG AntiV\AntiSpy\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF7BAF8AC]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA60E3F20]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[1328] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042C948] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.14 ----
  • 0

#10
eddie5659
Posted 01 July 2008 - 12:52 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
That looks better, hows the computer running now?
  • 0

#11
wayorx
Posted 01 July 2008 - 04:48 PM

wayorx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you, Eddie, the computer is running fine.

I have a question, I started to uninstall AVG in another computer, b/c it was taking up too much memory...

when I was uninstalling, it asked me if I wanted to delete the quarantined folders, I said no.

Can you help me understand a little better how to handle all this ? I don't understand if virus should be deleted or quarantined once found...

Thanks !
  • 0

#12
eddie5659
Posted 02 July 2008 - 06:22 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Some files that are classed as suspect or a virus, are quarantined instead of deletion, in case you want to take them back again.

What I mean is, there is programs such as HP's BackWeb, that some virus programs see as a Trojan, but it is a legit program by Hewlet Packard. So, this is quarantined, to give the user the option to restore if needed. Web sites can be quarantined, as can cookies. Again, its all due to the the user having that extra option, but all the major viruses can be deleted straight away.

As you've left the folders on your computer, if you go to Windows Explorer, and in the Program Files, see if the folder is there (not got AVG, so can't say fully). If it is, there may be some files inside.

If you virus scanned a few weeks back, and you've not had any problems since, I would say its safe to delete the folder. You may want to leave it in the Recycle bin for a day or two, and then delete it fully :)

eddie
  • 0

#13
eddie5659
Posted 16 July 2008 - 11:12 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
We have a couple of last steps to perform and then you're all set.


First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#14
eddie5659
Posted 28 July 2008 - 11:51 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP