Member Avatar for JediSange

Well, first off let me explain my problem, and then I'll hit you guys with some logs. I usually wind up doing manual virus scans or AdAware scans. I haven't used AntiVirus that much since the only one I knew about was Norton (and that gets in the way of my gaming too much :D, so that's why I never use anti-virus software). So in any case, I had a horrible one awhile back and wound up giving into the reformat solution. After I got operational on the PC again, I found I had a new virus...

In my processes I have "rvsxjqq.exe" currently running and currently in my System32 folder. Let me click end process. Great, that went away...

But now there is "bodvlj.exe" running. (AKA RandomJumbleOfLetters.exe)

Anyhow, this keeps repeating and it is a never-ending process. I don't know much about viruses or this particular one, but I do know that AdAware goes berserk on em. It finds VX2 (with a rating of 10 >.0) and DrPmon or something to that extent. Both of which it never gets fully cleaned, I might add. In any case, I'll quit my noobish ramble and post my HJT log:

Note: SlimBrowser was installed after the viruses were in the system.

Logfile of HijackThis v1.99.1
Scan saved at 4:16:56 PM, on 6/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Austin\Desktop\ventrilo_srv-2.2.0-Windows-i386\ventrilo_srv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Austin\Desktop\Jedi Knight 2 Minimizer.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\windows\system32\bodvlj.exe
C:\Documents and Settings\Austin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [kzxoob] c:\windows\system32\bodvlj.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

And I did manage to read up enough to get VX2 Finder. Here is what that log says:

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon


Guardian Key--- is called:

Guardian Key--- :

User Agent String---


Any help would be awesome, and I'd appriciate it greatly. Thanks in advance. =)

EDIT: Added the VX2 Finder stuff.

  • 3 Contributors
  • 5 Replies
  • 207 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by dlh6213

Recommended Answers

All 5 Replies

Member Avatar for Xyzyxx

I just came here looking for an answer to the exact same problem.

EDIT: I did a search for the file name I found, and it found a match in System32. After I ended the process, the file disappeared.

Member Avatar for JediSange

Yes, and then a new process begins and makes itself in your System32 folder. It sucks. =\

Member Avatar for dlh6213

Hi JediSange and Xyzyxx, welcome to DaniWeb :D

Xyzyxx, you really should start your own thread, unless you just want to follow along with this one and see if you can clean up your system; but please, do not post any logs within this thread. Thanks :)

Start with this:

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Reboot into Safe Mode.

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [kzxoob] c:\windows\system32\bodvlj.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Close any open windows, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\windows\system32\bodvlj.exe
C:\WINDOWS\svcproc.exe

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.

Empty your Recycle Bin.

Reboot, close any open browser windows, scan with HJT, and post a new log please along with the Ewido log.

Member Avatar for JediSange

First off, thank you very much for taking your time to help me. I appriciate it.

Secondly, you're awesome. Your solution seems to have worked swimmingly. Anyhow, as you requested, here are the two logs:

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 3:11:07 PM, on 6/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Austin\Desktop\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           2:50:01 PM, 6/6/2005
+ Report-Checksum:      C2DDFF0A


+ Scan result:


HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\intexp -> Spyware.IEPlugin
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\intexp\Config -> Spyware.IEPlugin
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin
C:\WINDOWS\system32\prfqhx.exe -> Trojan.Agent.cp
C:\WINDOWS\vyitbn.exe -> Spyware.BetterInternet
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c
C:\Documents and Settings\Austin\Local Settings\Temp\LVG\aurareco.exe -> Spyware.BetterInternet
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@myspace[1].txt -> Spyware.Cookie.Myspace
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@com[2].txt -> Spyware.Cookie.Com
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@hitbox[2].txt -> Spyware.Cookie.Hitbox
C:\Documents and Settings\Austin\Local Settings\Temp\Cookies\austin@ehg-newegg.hitbox[1].txt -> Spyware.Cookie.Hitbox
C:\Documents and Settings\Austin\Cookies\austin@cliks[1].txt -> Spyware.Cookie.Cliks
C:\Documents and Settings\Austin\Cookies\austin@myspace[1].txt -> Spyware.Cookie.Myspace
C:\Documents and Settings\Austin\Cookies\austin@com[2].txt -> Spyware.Cookie.Com
C:\Documents and Settings\Austin\Cookies\austin@orbitz.rpts[1].txt -> Spyware.Cookie.Rpts
C:\Documents and Settings\Austin\Cookies\austin@ads.monster[1].txt -> Spyware.Cookie.Monster
C:\Documents and Settings\Austin\Cookies\austin@adopt.hotbar[2].txt -> Spyware.Cookie.Hotbar
C:\Documents and Settings\Austin\Cookies\austin@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick
C:\Documents and Settings\Austin\Cookies\austin@xiti[1].txt -> Spyware.Cookie.Xiti
C:\Documents and Settings\Austin\Cookies\austin@dist.belnk[2].txt -> Spyware.Cookie.Belnk
C:\Documents and Settings\Austin\Cookies\austin@atdmt[2].txt -> Spyware.Cookie.Atdmt
C:\Documents and Settings\Austin\Cookies\austin@realmedia[1].txt -> Spyware.Cookie.Realmedia
C:\Documents and Settings\Austin\Cookies\austin@ebgames[1].txt -> Spyware.Cookie.Ebgames
C:\Documents and Settings\Austin\Cookies\austin@adknowledge[2].txt -> Spyware.Cookie.Adknowledge
C:\Documents and Settings\Austin\Cookies\austin@www.creatrixads[2].txt -> Spyware.Cookie.Creatrixads
C:\Documents and Settings\Austin\Cookies\austin@doubleclick[1].txt -> Spyware.Cookie.Doubleclick
C:\Documents and Settings\Austin\Cookies\austin@as-us.falkag[1].txt -> Spyware.Cookie.Falkag
C:\Documents and Settings\Austin\Cookies\austin@aimtoday.aol[1].txt -> Spyware.Cookie.Aol
C:\Documents and Settings\Austin\Cookies\austin@www.download[2].txt -> Spyware.Cookie.Wwwdownload
C:\Documents and Settings\Austin\Cookies\austin@2o7[2].txt -> Spyware.Cookie.2o7
C:\Documents and Settings\Austin\Cookies\austin@emarketmakers[1].txt -> Spyware.Cookie.Emarketmakers
C:\Documents and Settings\Austin\Cookies\austin@burstnet[2].txt -> Spyware.Cookie.Burstnet
C:\Documents and Settings\Austin\Cookies\austin@maxserving[1].txt -> Spyware.Cookie.Maxserving
C:\Documents and Settings\Austin\Cookies\austin@rn11[2].txt -> Spyware.Cookie.Rn11
C:\Documents and Settings\Austin\Cookies\austin@questionmarket[1].txt -> Spyware.Cookie.Questionmarket
C:\Documents and Settings\Austin\Cookies\austin@www.vigrx[2].txt -> Spyware.Cookie.Vigrx
C:\Documents and Settings\Austin\Cookies\austin@element5[1].txt -> Spyware.Cookie.Element5
C:\Documents and Settings\Austin\Cookies\austin@tickle[1].txt -> Spyware.Cookie.Tickle
C:\Documents and Settings\Austin\Cookies\austin@stat.dealtime[2].txt -> Spyware.Cookie.Dealtime
C:\Documents and Settings\Austin\Cookies\austin@mediaplex[1].txt -> Spyware.Cookie.Mediaplex
C:\Documents and Settings\Austin\Cookies\austin@www.gamepro[1].txt -> Spyware.Cookie.Wwwgamepro
C:\Documents and Settings\Austin\Cookies\austin@www.smarttargetting[1].txt -> Spyware.Cookie.Smarttargetting
C:\Documents and Settings\Austin\Cookies\austin@trafficmp[1].txt -> Spyware.Cookie.Trafficmp
C:\Documents and Settings\Austin\Cookies\austin@perf.overture[1].txt -> Spyware.Cookie.Overture
C:\Documents and Settings\Austin\Cookies\austin@hitbox[2].txt -> Spyware.Cookie.Hitbox
C:\Documents and Settings\Austin\Cookies\austin@fastclick[2].txt -> Spyware.Cookie.Fastclick
C:\Documents and Settings\Austin\Cookies\austin@ehg-idgentertainment.hitbox[2].txt -> Spyware.Cookie.Hitbox
C:\Documents and Settings\Austin\Cookies\austin@ar.atwola[2].txt -> Spyware.Cookie.Atwola
C:\Documents and Settings\Austin\Cookies\austin@creativeby.viewpoint[1].txt -> Spyware.Cookie.Viewpoint
C:\Documents and Settings\Austin\Cookies\austin@btg.btgrab[1].txt -> Spyware.Cookie.Btgrab
C:\Documents and Settings\Austin\Cookies\austin@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll
C:\Documents and Settings\Austin\Cookies\austin@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet
C:\Documents and Settings\Austin\Cookies\austin@adtech[2].txt -> Spyware.Cookie.Adtech
C:\Documents and Settings\Austin\Cookies\austin@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram
C:\Documents and Settings\Austin\Cookies\austin@servedby.netshelter[2].txt -> Spyware.Cookie.Netshelter
C:\Documents and Settings\Austin\Cookies\austin@wdcs.trendmicro[1].txt -> Spyware.Cookie.Trendmicro
C:\Documents and Settings\Austin\Cookies\austin@advertising[1].txt -> Spyware.Cookie.Advertising
C:\Documents and Settings\Austin\Cookies\austin@servedby.advertising[2].txt -> Spyware.Cookie.Advertising
C:\Documents and Settings\Austin\Cookies\austin@offeroptimizer[2].txt -> Spyware.Cookie.Offeroptimizer
:mozilla.6:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Wwwdownload
:mozilla.7:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Com
:mozilla.8:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Wwwdownload
:mozilla.9:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Com
:mozilla.28:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.31:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.32:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.33:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.34:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.36:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Vigrx
:mozilla.37:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Vigrx
:mozilla.38:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Vigrx
:mozilla.49:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.50:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.51:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.52:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.53:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.54:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.55:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Offeroptimizer
:mozilla.57:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sex-tracker
:mozilla.58:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Element5
:mozilla.59:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Burstnet
:mozilla.60:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Viewpoint
:mozilla.61:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Adknowledge
:mozilla.63:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Maxserving
:mozilla.64:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Maxserving
:mozilla.65:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Atdmt
:mozilla.66:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.67:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.68:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.69:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Advertising
:mozilla.70:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Adrevolver
:mozilla.84:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sex-tracker
:mozilla.92:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.93:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.94:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.95:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.96:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.97:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Creatrixads
:mozilla.98:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Emarketmakers
:mozilla.101:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.102:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.103:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.104:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.105:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.106:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.107:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.108:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexcounter
:mozilla.109:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.110:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.111:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.112:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Albionmedical
:mozilla.113:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.118:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.119:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.120:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.121:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.122:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.123:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.124:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Abetterinternet
:mozilla.125:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Questionmarket
:mozilla.126:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Aol
:mozilla.148:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.149:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.150:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.151:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.152:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.153:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.155:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.156:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.157:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.158:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Specificclick
:mozilla.159:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Valueclick
:mozilla.160:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Valueclick
:mozilla.165:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.166:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.2o7
:mozilla.167:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.168:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.169:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.170:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.171:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.172:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.173:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Myspace
:mozilla.182:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Cliks
:mozilla.183:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Belnk
:mozilla.184:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Belnk
:mozilla.195:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexlist
:mozilla.196:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Sexlist
:mozilla.198:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Doubleclick
:mozilla.199:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.200:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.201:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.202:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Monster
:mozilla.203:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.204:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.205:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.206:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Btgrab
:mozilla.207:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.208:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Adserver
:mozilla.211:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Hotbar
:mozilla.212:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Hotbar
:mozilla.213:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Hotbar
:mozilla.214:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Hotbar
:mozilla.226:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.228:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.229:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.230:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Trafficmp
:mozilla.240:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Aol
:mozilla.246:C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\7tvjtkqr.default\cookies.txt -> Spyware.Cookie.Adrevolver
C:\Program Files\support.com\client\bin\tgcmd.exe -> Heuristic.Win32.Backdoor2
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP18\A0005285.exe -> Trojan.Agent.cp
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP18\A0006315.exe -> Trojan.Agent.cp
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP18\A0006317.exe -> Trojan.Stervis.c
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP18\A0006318.exe -> Trojan.Nail
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006378.exe -> Trojan.Agent.cp
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006382.exe -> Trojan.Nail
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006383.exe -> Trojan.Stervis.c
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006385.exe -> Trojan.Agent.cp
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006386.exe -> Spyware.BetterInternet
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006387.exe -> TrojanDownloader.Intexp.c
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006388.exe -> Heuristic.Win32.Backdoor2
E:\AC Tool\ACTool.exe -> Heuristic.Win32.Backdoor.IrcBot
E:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP19\A0006389.exe -> Heuristic.Win32.Backdoor.IrcBot
E:\TorrentSearch_v3_3_Beta_2\TorrentSearch_v3_3_Beta_2\70000016.exe -> TrojanDownloader.Swizzor.af



::Report End

Sorry it's long :X. Thanks again :cheesy: :D

Edited by happygeek because: fixed formatting
Member Avatar for dlh6213

I think you're pretty well cleaned up now, but there are a few things you should do.

First, see this thread for instructions on clearing out your Restore folder, then set a new restore point:
http://www.daniweb.com/techtalkforums/thread13362.html

Go to Widows Updated and get (at least) SP1a.

Avoid using file-sharing (aka P2P) programs as they can lead infections.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.