Hi! New here, need help.


This topic is locked. 19 replies to this topic.

#1 McHale0294

Members, 10 posts

Posted 24 May 2009 - 09:56 AM

Hi! For the past few days, I've been infected with some nasty stuff that prevents me from accessing pages in Internet Explorer, and prevents other applications that use Internet Explorer from using it. However, I can use the Opera Internet browser just fine. I also find that I can't get into regedit. I've done numerous scans with Malwarebytes. It seems that each time I do a scan, about 58 issues pop up (this is after a full scan). I fix them, but when I restart my computer, they come back. I've tried to remove a few problems I know for sure were causing me problems: ld08exe, pp10.exe, SYS32DLL.exe and SYSDLL.exe. I think I removed them, but I'm still having issues. I have a HijackThis log posted below (I renamed the program to "myweb.exe" just so that it would open; it would not do so otherwise).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:32, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\myweb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px(1)] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Policies\Explorer\Run: [{54F6D71E-0AE9-1033-0409-040405050001}] "C:\Program Files\Common Files\{54F6D71E-0AE9-1033-0409-040405050001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194570187655
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C77E98FC-1A0A-4275-B3C5-B4220E4B960A}: NameServer = 168.192.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Workstation lanmanworkstationidsvc (lanmanworkstationidsvc) - Unknown owner - C:\WINDOWS\system32\6to4svcu.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15522 bytes

Edited by McHale0294, 24 May 2009 - 10:04 AM.
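The HijackThis log above is what the helpers in this thread triage by hand. As an added example (not code from this thread, from HijackThis, or from BleepingComputer), the Python below runs a few of the checks a reader applies to the sections that matter most, using lines copied from the log in #1 as input. The rules, the severities and the `triage`/`proxy_hosts` names are this example's own assumptions, not HijackThis output. One thing it surfaces that the post does not spell out: the R1 entry sets the WinINET proxy (the setting Internet Explorer and anything built on it uses) to localhost:7171, which is consistent with IE failing while a browser that is not using that setting keeps working; whether Opera on this machine bypasses the system proxy is not something the log shows.

```python
# Added example: a small triage pass over HijackThis 2.0.2 log lines.
# This is not code from the thread or from HijackThis; the rules and
# severities are this example's own heuristics, chosen to surface the
# entries a helper reads first (R1 proxy, O17 DNS, O18 filters,
# O4 policy autostarts, O23 services without a publisher).
import ipaddress
import re

# Excerpt of the log posted in #1 (copied from the thread, not constructed),
# trimmed to the lines the rules act on plus two benign lines for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Policies\Explorer\Run: [{54F6D71E-0AE9-1033-0409-040405050001}] "C:\Program Files\Common Files\{54F6D71E-0AE9-1033-0409-040405050001}\Update.exe" mc-110-12-0000272
O17 - HKLM\System\CCS\Services\Tcpip\..\{C77E98FC-1A0A-4275-B3C5-B4220E4B960A}: NameServer = 168.192.1.254
O18 - Filter hijack: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Workstation lanmanworkstationidsvc (lanmanworkstationidsvc) - Unknown owner - C:\WINDOWS\system32\6to4svcu.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<value>.+)$")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<value>.+)$")
FILTER_RE = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
POLICY_RUN_RE = re.compile(r"^O4 - HK(?:CU|LM)\\\.\.\\Policies\\Explorer\\Run: (?P<value>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
SEVERITY_ORDER = ("HIGH", "MEDIUM", "LOW")


def proxy_hosts(value):
    """Split a WinINET ProxyServer string ('http=host:port;https=...' or a
    bare 'host:port') into (scheme, host, port) tuples."""
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, hostport = entry.split("=", 1) if "=" in entry else ("*", entry)
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        yield scheme, host, port


def triage(log_text):
    """Return (severity, section, reason) tuples, highest severity first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := PROXY_RE.match(line):
            for scheme, host, port in proxy_hosts(m["value"]):
                if host.lower() in LOCAL_HOSTS:
                    findings.append(("HIGH", "R1", f"WinINET {scheme} proxy forced to {host}:{port}; IE and other WinINET clients are routed through it, programs with their own proxy settings are not"))
                else:
                    findings.append(("MEDIUM", "R1", f"WinINET {scheme} proxy set to {host}:{port}; confirm it is expected"))
        elif m := NAMESERVER_RE.match(line):
            for server in re.split(r"[,\s]+", m["value"].strip()):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(("MEDIUM", "O17", f"unparseable NameServer value {server!r}"))
                    continue
                if not addr.is_private:
                    findings.append(("HIGH", "O17", f"DNS server {server} is outside the private ranges; on a home LAN the resolver is normally the router"))
        elif m := FILTER_RE.match(line):
            severity = "MEDIUM" if m["target"].startswith("(no file)") else "HIGH"
            findings.append((severity, "O18", f"MIME filter on {m['mime']} -> {m['target']}; every {m['mime']} response passes through it"))
        elif m := POLICY_RUN_RE.match(line):
            findings.append(("MEDIUM", "O4", f"Policies\\Explorer\\Run autostart: {m['value']} (legitimate installers rarely use this key)"))
        elif m := SERVICE_RE.match(line):
            path = m["path"]
            if m["owner"] == "Unknown owner" and "\\windows\\system32\\" in path.lower():
                findings.append(("HIGH", "O23", f"service {m['name']!r} has no publisher and runs from System32: {path}"))
            elif "(file missing)" in path:
                findings.append(("LOW", "O23", f"service {m['name']!r} points at a missing binary"))
        elif "(file missing)" in line:
            findings.append(("LOW", line.split(" - ")[0], "orphaned entry whose file is gone: cleanup, not necessarily malware"))
    findings.sort(key=lambda f: SEVERITY_ORDER.index(f[0]))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'HIGH': 3, 'MEDIUM': 2, 'LOW': 1}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, section, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section:3} {reason}")
```

The point of the severities is ordering, not verdicts: an "Unknown owner" service is only interesting when it also runs from System32 (AskService is unsigned but lives under its own Program Files folder and is handled by the uninstall step in #2), and "(file missing)" entries are leftovers to clean rather than evidence of infection.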


#2 teacup61

Bleepin' Texan! Malware Response Team, 17,075 posts, Wills Point, Texas

Posted 24 May 2009 - 03:03 PM

Hello McHale0294,

First you should know that you're actually doing more harm than good by running 2 Anti Virus programs (AVG and Avast!). When you do this both programs compete for resources, and the end result is that neither does its best, and it can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on-demand-only scanner occasionally.

We need to uninstall these programs first to make it easier to get rid of leftovers later.
To do this: click Start > Control Panel > Add/Remove Programs and uninstall the following, if present:

AskBarDis <---or anything else to do with Ask

Reboot afterward to reset the registry.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O18 - Filter hijack: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

C:\Program Files\AskBarDis

Reboot once again.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to McHale.exe and try it again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


#3 McHale0294

Topic Starter, Members, 10 posts

Posted 24 May 2009 - 05:28 PM

Thank you for your speedy reply teacup61! Here are the logs:

ComboFix 09-05-24.03 - Giorgio Rohme 05/24/2009 17:47:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.495 [GMT -4:00]
Running from: C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Giorgio Rohme\Start Menu\Programs\videosoft
C:\Documents and Settings\Giorgio Rohme\Start Menu\Programs\videosoft\Uninstall.lnk
C:\PROGRA~1\COMMON~1\{34F6D~1
C:\PROGRA~1\COMMON~1\{54F6D~1
C:\Program Files\INSTALL.LOG
C:\Program Files\videosoft
C:\Program Files\videosoft\Uninstall.exe
C:\WINDOWS\msmark2.dat
C:\WINDOWS\pp09.exe
C:\WINDOWS\pp10.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\st_1242712616.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\6to4svcu.exe
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\components
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\hjllm.tmp
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
L:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANWORKSTATIONIDSVC
-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_lanmanworkstationidsvc
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 21:34:18 . 2009-05-23 21:34:18 0 d-sh--w C:\Documents and Settings\Giorgio Rohme\IECompatCache
2009-05-23 21:33:54 . 2009-05-23 21:33:54 0 d-sh--w C:\Documents and Settings\Giorgio Rohme\PrivacIE
2009-05-23 20:37:47 . 2009-05-23 20:37:47 0 d-sh--w C:\Documents and Settings\LocalService\IETldCache
2009-05-23 20:37:39 . 2009-05-23 20:37:39 0 d-sh--w C:\Documents and Settings\Giorgio Rohme\IETldCache
2009-05-23 17:24:16 . 2009-05-23 17:30:41 0 dc-h--w C:\WINDOWS\ie8
2009-05-23 17:09:51 . 2001-08-17 18:56:04 66048 -c--a-w C:\WINDOWS\system32\dllcache\s3legacy.dll
2009-05-22 18:14:12 . 2009-05-24 22:04:46 167378208 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-05-22 18:05:23 . 2008-08-22 00:41:32 72592 ----a-w C:\WINDOWS\zllsputility.exe
2009-05-22 18:05:08 . 2008-08-22 00:41:12 69008 ----a-w C:\WINDOWS\system32\zlcomm.dll
2009-05-22 18:05:08 . 2008-08-22 00:41:12 106384 ----a-w C:\WINDOWS\system32\zlcommdb.dll
2009-05-22 18:05:02 . 2008-08-22 00:41:18 1221008 ----a-w C:\WINDOWS\system32\zpeng25.dll
2009-05-22 17:56:07 . 2009-05-24 14:13:11 0 d-----w C:\WINDOWS\system32\121973
2009-05-22 17:52:38 . 2009-05-22 17:52:38 0 d-----w C:\Program Files\Zone Labs
2009-05-20 19:28:33 . 2009-05-20 19:28:33 2 ---h--w C:\WINDOWS\sto452730.dat
2009-05-20 19:28:30 . 2009-05-22 11:08:52 0 d-----w C:\WINDOWS\system32\547372
2009-05-20 05:17:56 . 2009-05-20 05:17:56 2 ---h--w C:\WINDOWS\sto452856.dat
2009-05-20 05:17:52 . 2009-05-20 11:22:29 0 d-----w C:\WINDOWS\system32\796525
2009-05-19 04:13:16 . 2009-05-19 04:13:16 2 ---h--w C:\WINDOWS\sto453192.dat
2009-05-19 02:13:05 . 2009-05-19 02:13:05 2 ---h--w C:\WINDOWS\sto453190.dat
2009-05-19 02:11:18 . 2009-05-19 02:11:19 32 ----a-w C:\WINDOWS\system32\3693102452.dat
2009-04-29 21:19:22 . 2009-04-29 21:19:22 41808 ----a-w C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 22:04:19 . 2009-03-02 18:34:11 4212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2009-05-24 21:53:27 . 2009-05-22 18:14:12 2240852 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-05-24 21:27:32 . 2009-05-24 21:29:27 2638848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2009-05-24 21:27:31 . 2009-05-24 21:29:29 1395712 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2009-05-24 21:25:51 . 2009-05-24 21:29:29 1395712 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2009-05-24 17:09:21 . 2006-10-29 04:22:56 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\Xfire
2009-05-24 14:35:48 . 2009-05-24 14:38:29 272896 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2009-05-24 14:35:48 . 2009-05-24 14:38:29 1440768 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2009-05-24 14:34:11 . 2009-05-24 14:38:30 1440256 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2009-05-24 02:33:07 . 2009-05-24 02:34:52 3274752 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2009-05-23 03:21:07 . 2009-05-23 03:21:19 3042816 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2009-05-23 03:08:51 . 2009-05-23 03:10:19 1398272 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2009-05-22 18:14:39 . 2009-05-22 18:16:06 47104 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2009-05-22 18:14:37 . 2009-05-22 18:16:06 1999360 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2009-05-22 18:12:35 . 2009-05-22 18:16:06 1998336 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2009-05-22 17:44:45 . 2006-10-18 20:14:22 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-05-22 03:08:56 . 2009-03-02 18:27:13 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\Azureus
2009-05-18 19:33:41 . 2009-04-10 14:09:06 3761848 ----a-w C:\WINDOWS\Internet Logs\tvDebug.Zip
2009-05-17 16:27:55 . 2006-10-29 04:19:13 0 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-16 05:24:17 . 2004-08-09 20:43:18 137600 ----a-w C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 23:23:01 . 2009-05-13 23:23:00 127747 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2009_05_13_19_20_56_small.dmp.zip
2009-05-13 00:12:25 . 2008-11-13 22:47:13 0 d-----w C:\Program Files\Roxio
2009-05-13 00:12:06 . 2008-11-13 22:47:13 0 d-----w C:\Program Files\Common Files\Sonic Shared
2009-05-13 00:08:23 . 2008-11-13 22:46:31 0 d-----w C:\Program Files\Common Files\Roxio Shared
2009-05-12 23:59:02 . 2008-11-13 22:47:25 0 d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2009-05-09 08:44:21 . 2006-09-12 20:04:08 0 d-----w C:\Program Files\mIRC
2009-05-04 19:17:36 . 2006-09-17 03:18:24 0 d-----w C:\Program Files\Trillian
2009-04-30 11:49:38 . 2009-03-02 18:23:10 0 d-----w C:\Program Files\Vuze
2009-04-24 02:01:59 . 2009-04-24 02:01:59 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\Publish Providers
2009-04-24 01:52:05 . 2009-04-24 01:52:05 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\Sony
2009-04-24 01:25:07 . 2009-04-24 01:25:07 0 d-----w C:\Program Files\Vstplugins
2009-04-24 01:24:39 . 2009-04-24 01:24:39 0 d-----w C:\Documents and Settings\All Users\Application Data\Sony
2009-04-24 01:03:13 . 2008-05-18 06:01:56 0 d-----w C:\Program Files\MSBuild
2009-04-24 00:32:05 . 2009-04-24 00:32:05 320040 ----a-w C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-24 00:06:01 . 2009-04-24 00:06:01 0 d-----w C:\Program Files\Reference Assemblies
2009-04-23 23:58:30 . 2009-04-23 23:57:04 52770576 ----a-w C:\Documents and Settings\Giorgio Rohme\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-04-23 23:57:03 . 2009-04-23 23:54:52 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\Sony Setup
2009-04-23 23:09:29 . 2008-08-23 11:25:51 0 d-----w C:\Program Files\Magic Video Converter
2009-04-18 04:06:50 . 2006-10-22 23:37:45 0 d-----w C:\Program Files\DivX
2009-04-18 04:00:49 . 2009-04-18 03:59:12 0 d-----w C:\Program Files\Common Files\DivX Shared
2009-04-13 01:49:43 . 2009-04-13 01:39:55 0 d-----w C:\Program Files\EWQLSO Gold
2009-04-04 18:11:18 . 2007-07-31 10:54:59 98304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2009-04-04 17:30:42 . 2004-03-31 21:16:30 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-04-02 20:22:49 . 2007-08-26 07:01:29 0 d-----w C:\Program Files\eMule
2009-04-02 18:10:15 . 2008-10-17 15:18:34 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\DNA
2009-04-02 09:59:07 . 2008-10-17 15:18:34 0 d-----w C:\Program Files\DNA
2009-04-01 03:23:22 . 2006-09-12 21:53:20 0 d-----w C:\Program Files\Winamp
2009-03-30 04:06:44 . 2009-03-02 17:05:07 0 d-----w C:\Documents and Settings\Giorgio Rohme\Application Data\uTorrent
2009-03-29 22:13:34 . 2009-03-29 22:13:33 117075 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2009_03_29_12_43_33_small.dmp.zip
2009-03-29 00:41:47 . 2008-11-22 18:06:47 0 d-----w C:\Program Files\ProxyHunter
2009-03-26 03:49:23 . 2004-03-31 23:59:54 0 d-----w C:\Program Files\Google
2009-03-15 00:26:51 . 2008-05-12 00:27:55 413696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2009-03-15 00:26:51 . 2008-05-12 00:27:55 110592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2009-03-08 08:34:58 . 2004-12-07 21:37:02 914944 ----a-w C:\WINDOWS\system32\wininet.dll
2009-03-08 08:34:30 . 2004-03-31 19:59:38 43008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2009-03-08 08:33:40 . 2004-03-31 19:59:28 18944 ----a-w C:\WINDOWS\system32\corpol.dll
2009-03-08 08:33:06 . 2004-03-31 19:59:47 420352 ----a-w C:\WINDOWS\system32\vbscript.dll
2009-03-08 08:32:56 . 2004-03-31 19:59:26 72704 ----a-w C:\WINDOWS\system32\admparse.dll
2009-03-08 08:32:50 . 2004-03-31 19:59:37 71680 ----a-w C:\WINDOWS\system32\iesetup.dll
2009-03-08 08:31:38 . 2004-03-31 19:59:37 34816 ----a-w C:\WINDOWS\system32\imgutil.dll
2009-03-08 08:31:18 . 2004-03-31 19:59:38 48128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2009-03-08 08:31:02 . 2004-03-31 19:59:38 45568 ----a-w C:\WINDOWS\system32\mshta.exe
2009-03-08 08:22:38 . 2004-03-31 19:59:39 156160 ----a-w C:\WINDOWS\system32\msls31.dll
2009-03-04 20:18:26 . 2009-03-04 20:18:26 98321 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2009_03_04_09_32_28_small.dmp.zip
2009-03-04 20:18:26 . 2009-03-04 20:18:25 94362 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2009_03_04_02_17_09_small.dmp.zip
2009-02-24 19:34:16 . 2009-02-24 19:34:16 90112 ----a-w C:\WINDOWS\system32\dpl100.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 815104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 802816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 684032 ----a-w C:\WINDOWS\system32\DivX.dll
2005-03-04 03:21:44 . 2005-03-04 03:36:17 10752 ----a-w C:\Program Files\quotes.doc
2005-03-04 03:19:48 . 2005-03-04 03:36:17 128512 ----a-w C:\Program Files\Civil War Report.doc
2005-03-04 03:19:12 . 2005-03-04 03:36:17 10240 ----a-w C:\Program Files\contents.doc
2005-03-04 03:18:42 . 2005-03-04 03:36:17 6144 ----a-w C:\Program Files\civil war movies.doc
2005-03-04 03:18:16 . 2005-03-04 03:36:16 10752 ----a-w C:\Program Files\reflection.doc
2005-03-04 03:16:58 . 2005-03-04 03:36:17 6144 ----a-w C:\Program Files\report.doc
2005-03-04 03:15:56 . 2005-03-04 03:36:17 55808 ----a-w C:\Program Files\battle.doc
2005-03-04 03:15:10 . 2005-03-04 03:36:17 5632 ----a-w C:\Program Files\title page.doc
2005-03-04 03:14:26 . 2005-03-04 03:36:17 141824 ----a-w C:\Program Files\abe.doc
2009-02-24 19:34:32 . 2009-02-24 19:34:32 1044480 ----a-w C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 200704 ----a-w C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 1044480 ----a-w C:\Program Files\opera\program\plugins\libdivx.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 200704 ----a-w C:\Program Files\opera\program\plugins\ssldivx.dll
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:35, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\Xfire\xfire.exe
C:\Program Files\Opera\opera.exe
G:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\myweb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px(1)] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Policies\Explorer\Run: [{54F6D71E-0AE9-1033-0409-040405050001}] "C:\Program Files\Common Files\{54F6D71E-0AE9-1033-0409-040405050001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194570187655
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C77E98FC-1A0A-4275-B3C5-B4220E4B960A}: NameServer = 168.192.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14336 bytes

Edited by McHale0294, 24 May 2009 - 05:33 PM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 May 2009 - 05:35 PM

Hi,

The ComboFix log got cut off. Could you please post the whole thing for me? :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts

Posted 24 May 2009 - 06:30 PM

Oh... I think I canceled the log process because I thought the program stalled on me... sorry! :thumbup2:

Edited by McHale0294, 24 May 2009 - 06:49 PM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 May 2009 - 07:14 PM

It takes a while sometimes, and no need to be sorry. :thumbup2:

#7 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts

Posted 24 May 2009 - 08:06 PM

Thank you for your help Teacup, I seem to have fixed the problem. :thumbup2:

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 May 2009 - 08:10 PM

You don't want to finish? :thumbup2:

#9 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts

Posted 25 May 2009 - 02:11 AM

What else do I need to do?

Edited by McHale0294, 25 May 2009 - 02:13 AM.


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 May 2009 - 10:57 AM

Hello,

I really would like to see the full ComboFix log to see if anything remains, and a fresh HijackThis log. Are you still having the original problem, and is MBAM coming up clean?

Thanks,
tea

#11 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts

Posted 25 May 2009 - 01:38 PM

The original problem seems to have been cleared up. MBAM comes up successfully. I will try to get you the full ComboFix log and HijackThis log shortly.

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 May 2009 - 02:01 PM

Excellent, and thank you! :thumbup2: I would feel really bad if you went away before I knew for sure everything was clear.

tea

#13 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts

Posted 25 May 2009 - 03:08 PM

It took a while, but here are the logs:

ComboFix 09-05-25.01 - Giorgio Rohme 05/25/2009 15:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.457 [GMT -4:00]
Running from: c:\documents and settings\Giorgio Rohme\My Documents\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Giorgio Rohme\Start Menu\Programs\videosoft
c:\documents and settings\Giorgio Rohme\Start Menu\Programs\videosoft\Uninstall.lnk
c:\progra~1\COMMON~1\{34F6D~1
c:\progra~1\COMMON~1\{54F6D~1
c:\program files\INSTALL.LOG
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
c:\windows\msmark2.dat
c:\windows\pp09.exe
c:\windows\pp10.exe
c:\windows\setup.exe
c:\windows\st_1242712616.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\6to4svcu.exe
c:\windows\system32\bang-006.ico
c:\windows\system32\components
c:\windows\system32\dumphive.exe
c:\windows\system32\hjllm.bak1
c:\windows\system32\hjllm.bak2
c:\windows\system32\hjllm.ini
c:\windows\system32\hjllm.ini2
c:\windows\system32\hjllm.tmp
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
L:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANWORKSTATIONIDSVC
-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_lanmanworkstationidsvc
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-25 16:11 . 2009-05-25 16:11 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-25 07:07 . 2009-05-25 07:07 -------- d-----w c:\program files\AskBardis
2009-05-24 23:44 . 2009-03-26 21:04 110592 ----a-w c:\documents and settings\Giorgio Rohme\Application Data\Mozilla\Firefox\Profiles\4161nuig.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-05-23 21:34 . 2009-05-23 21:34 -------- d-sh--w c:\documents and settings\Giorgio Rohme\IECompatCache
2009-05-23 21:33 . 2009-05-23 21:33 -------- d-sh--w c:\documents and settings\Giorgio Rohme\PrivacIE
2009-05-23 20:37 . 2009-05-23 20:37 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-23 20:37 . 2009-05-23 20:37 -------- d-sh--w c:\documents and settings\Giorgio Rohme\IETldCache
2009-05-23 17:24 . 2009-05-23 17:30 -------- dc-h--w c:\windows\ie8
2009-05-23 17:09 . 2001-08-17 18:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll
2009-05-22 18:14 . 2009-05-25 19:43 416692000 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 18:05 . 2008-08-22 00:41 72592 ----a-w c:\windows\zllsputility.exe
2009-05-22 18:05 . 2008-08-22 00:41 69008 ----a-w c:\windows\system32\zlcomm.dll
2009-05-22 18:05 . 2008-08-22 00:41 106384 ----a-w c:\windows\system32\zlcommdb.dll
2009-05-22 18:05 . 2008-08-22 00:41 1221008 ----a-w c:\windows\system32\zpeng25.dll
2009-05-22 17:56 . 2009-05-24 14:13 -------- d-----w c:\windows\system32\121973
2009-05-22 17:52 . 2009-05-22 17:52 -------- d-----w c:\program files\Zone Labs
2009-05-20 19:28 . 2009-05-20 19:28 2 ---h--w c:\windows\sto452730.dat
2009-05-20 19:28 . 2009-05-22 11:08 -------- d-----w c:\windows\system32\547372
2009-05-20 05:17 . 2009-05-20 05:17 2 ---h--w c:\windows\sto452856.dat
2009-05-20 05:17 . 2009-05-20 11:22 -------- d-----w c:\windows\system32\796525
2009-05-19 04:13 . 2009-05-19 04:13 2 ---h--w c:\windows\sto453192.dat
2009-05-19 02:13 . 2009-05-19 02:13 2 ---h--w c:\windows\sto453190.dat
2009-05-19 02:11 . 2009-05-19 02:11 32 ----a-w c:\windows\system32\3693102452.dat
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 19:22 . 2009-03-02 18:34 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-25 16:13 . 2008-08-06 07:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 00:11 . 2006-10-29 04:22 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\Xfire
2009-05-24 21:53 . 2009-05-22 18:14 2240852 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-24 21:27 . 2009-05-24 21:29 2638848 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-05-24 21:27 . 2009-05-24 21:29 1395712 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-05-24 21:25 . 2009-05-24 21:29 1395712 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-05-24 14:35 . 2009-05-24 14:38 272896 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-05-24 14:35 . 2009-05-24 14:38 1440768 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-05-24 14:34 . 2009-05-24 14:38 1440256 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-05-24 02:33 . 2009-05-24 02:34 3274752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-05-23 03:21 . 2009-05-23 03:21 3042816 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-05-23 03:08 . 2009-05-23 03:10 1398272 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-05-22 18:14 . 2009-05-22 18:16 47104 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-22 18:14 . 2009-05-22 18:16 1999360 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-05-22 18:12 . 2009-05-22 18:16 1998336 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-05-22 17:44 . 2006-10-18 20:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-22 03:08 . 2009-03-02 18:27 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\Azureus
2009-05-18 19:33 . 2009-04-10 14:09 3761848 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-05-17 16:27 . 2006-10-29 04:19 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-16 05:24 . 2004-08-09 20:43 137600 ----a-w c:\documents and settings\Giorgio Rohme\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 23:23 . 2009-05-13 23:23 127747 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_05_13_19_20_56_small.dmp.zip
2009-05-13 00:12 . 2008-11-13 22:47 -------- d-----w c:\program files\Roxio
2009-05-13 00:12 . 2008-11-13 22:47 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-13 00:08 . 2008-11-13 22:46 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-12 23:59 . 2008-11-13 22:47 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-05-09 08:44 . 2006-09-12 20:04 -------- d-----w c:\program files\mIRC
2009-05-04 19:17 . 2006-09-17 03:18 -------- d-----w c:\program files\Trillian
2009-04-30 11:49 . 2009-03-02 18:23 -------- d-----w c:\program files\Vuze
2009-04-24 02:01 . 2009-04-24 02:01 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\Publish Providers
2009-04-24 01:52 . 2009-04-24 01:52 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\Sony
2009-04-24 01:25 . 2009-04-24 01:25 -------- d-----w c:\program files\Vstplugins
2009-04-24 01:24 . 2009-04-24 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-24 01:03 . 2008-05-18 06:01 -------- d-----w c:\program files\MSBuild
2009-04-24 00:32 . 2009-04-24 00:32 320040 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-24 00:06 . 2009-04-24 00:06 -------- d-----w c:\program files\Reference Assemblies
2009-04-23 23:58 . 2009-04-23 23:57 52770576 ----a-w c:\documents and settings\Giorgio Rohme\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-04-23 23:57 . 2009-04-23 23:54 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\Sony Setup
2009-04-23 23:09 . 2008-08-23 11:25 -------- d-----w c:\program files\Magic Video Converter
2009-04-18 04:06 . 2006-10-22 23:37 -------- d-----w c:\program files\DivX
2009-04-18 04:00 . 2009-04-18 03:59 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-13 01:49 . 2009-04-13 01:39 -------- d-----w c:\program files\EWQLSO Gold
2009-04-06 19:32 . 2008-08-06 07:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-06 07:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 18:11 . 2007-07-31 10:54 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-04 17:30 . 2004-03-31 21:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 20:22 . 2007-08-26 07:01 -------- d-----w c:\program files\eMule
2009-04-02 18:10 . 2008-10-17 15:18 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\DNA
2009-04-02 09:59 . 2008-10-17 15:18 -------- d-----w c:\program files\DNA
2009-04-01 03:23 . 2006-09-12 21:53 -------- d-----w c:\program files\Winamp
2009-03-30 04:06 . 2009-03-02 17:05 -------- d-----w c:\documents and settings\Giorgio Rohme\Application Data\uTorrent
2009-03-29 22:13 . 2009-03-29 22:13 117075 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_29_12_43_33_small.dmp.zip
2009-03-29 00:41 . 2008-11-22 18:06 -------- d-----w c:\program files\ProxyHunter
2009-03-15 00:26 . 2008-05-12 00:27 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-15 00:26 . 2008-05-12 00:27 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-08 08:34 . 2004-12-07 21:37 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-03-31 19:59 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-03-31 19:59 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-03-31 19:59 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-03-31 19:59 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-03-31 19:59 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-03-31 19:59 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-03-31 19:59 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-03-31 19:59 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-03-31 19:59 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-04 20:18 . 2009-03-04 20:18 98321 ----a-w c:\windows\Internet Logs\UpdClient_2nd_2009_03_04_09_32_28_small.dmp.zip
2009-03-04 20:18 . 2009-03-04 20:18 94362 ----a-w c:\windows\Internet Logs\UpdClient_2nd_2009_03_04_02_17_09_small.dmp.zip
2005-03-04 03:21 . 2005-03-04 03:36 10752 ----a-w c:\program files\quotes.doc
2005-03-04 03:19 . 2005-03-04 03:36 128512 ----a-w c:\program files\Civil War Report.doc
2005-03-04 03:19 . 2005-03-04 03:36 10240 ----a-w c:\program files\contents.doc
2005-03-04 03:18 . 2005-03-04 03:36 6144 ----a-w c:\program files\civil war movies.doc
2005-03-04 03:18 . 2005-03-04 03:36 10752 ----a-w c:\program files\reflection.doc
2005-03-04 03:16 . 2005-03-04 03:36 6144 ----a-w c:\program files\report.doc
2005-03-04 03:15 . 2005-03-04 03:36 55808 ----a-w c:\program files\battle.doc
2005-03-04 03:15 . 2005-03-04 03:36 5632 ----a-w c:\program files\title page.doc
2005-03-04 03:14 . 2005-03-04 03:36 141824 ----a-w c:\program files\abe.doc
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"ezShieldProtector for Px(1)"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-22 981904]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-12-12 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-7-7 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi5"= mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Giorgio Rohme\\My Documents\\Zsnes\\ZSNESW.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"g:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"g:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"g:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"g:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Giorgio Rohme\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29070:TCP"= 29070:TCP:Jedi Academy
"29060:TCP"= 29060:TCP:Master Server
"29071:TCP"= 29071:TCP:Other
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"31321:TCP"= 31321:TCP:31321
"31321:UDP"= 31321:UDP:31321

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [7/28/2004 5:47 PM 10240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/4/2009 11:06 PM 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [5/12/2007 12:12 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [5/12/2007 12:18 AM 8192]
R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [8/2/2006 4:24 AM 99840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/4/2009 11:06 PM 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/29/2006 7:31 PM 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 6:35 PM 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 6:37 PM 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 6:37 PM 309784]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 6:35 PM 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 6:36 PM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 6:36 PM 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 6:35 PM 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 6:35 PM 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 6:36 PM 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 6:36 PM 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 6:36 PM 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 6:36 PM 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 6:37 PM 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 6:37 PM 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 6:36 PM 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 6:36 PM 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 6:37 PM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 6:37 PM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 6:36 PM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 6:36 PM 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 6:36 PM 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 6:36 PM 534040]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 6to4
*Deregistered* - ALG
*Deregistered* - APC UPS Service
*Deregistered* - Apple Mobile Device
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - Autodesk Licensing Service
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Giga Pocket Hardware Detector
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - InCDsrv
*Deregistered* - ip6fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KLIF
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - lmimirr
*Deregistered* - LMIRfsDriver
*Deregistered* - mapledxp
*Deregistered* - MASPINT
*Deregistered* - MBAMSwissArmy
*Deregistered* - McciCMService
*Deregistered* - MCSTRM
*Deregistered* - mi-raysat_3dsmax9_32
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMIndexingService
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - ose
*Deregistered* - ossrv
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PfModNT
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Sony TV Tuner Manager
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srescan
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - Udfs
*Deregistered* - Update
*Deregistered* - VAIO Entertainment File Import Service
*Deregistered* - VAIOMediaPlatform-IntegratedServer-AppServer
*Deregistered* - VAIOMediaPlatform-IntegratedServer-HTTP
*Deregistered* - VAIOMediaPlatform-IntegratedServer-UPnP
*Deregistered* - VAIOMediaPlatform-VideoServer-AppServer
*Deregistered* - VAIOMediaPlatform-VideoServer-HTTP
*Deregistered* - VAIOMediaPlatform-VideoServer-UPnP
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - VProt2k
*Deregistered* - vsdatant
*Deregistered* - vsmon
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347CD617-D593-0125-834C-67FB316A7FE8}]
c:\windows\system32:win32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E2369C1-D1DE-0E11-1D4B-FCAFF3F3007E}]
c:\program files\system22\winn32.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865963971-263924416-4037608350-1005.job
- c:\documents and settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:54]

2004-08-20 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-03-31 07:56]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-{54F6D71E-0AE9-1033-0409-040405050001} - c:\program files\Common Files\{54F6D71E-0AE9-1033-0409-040405050001}\Update.exe
Notify-avgrsstarter - avgrsstx.dll
Notify-WRNotifier - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {C77E98FC-1A0A-4275-B3C5-B4220E4B960A} = 168.192.1.254
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Giorgio Rohme\Application Data\Mozilla\Firefox\Profiles\4161nuig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Giorgio Rohme\Application Data\Mozilla\Firefox\Profiles\4161nuig.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: g:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: g:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3865963971-263924416-4037608350-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-05-25 16:01
ComboFix-quarantined-files.txt 2009-05-25 20:01

Pre-Run: 35,715,461,120 bytes free
Post-Run: 35,676,979,200 bytes free

466 --- E O F --- 2008-07-09 07:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:34, on 5/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
G:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px(1)] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Giorgio Rohme\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194570187655
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C77E98FC-1A0A-4275-B3C5-B4220E4B960A}: NameServer = 168.192.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13962 bytes

Edited by McHale0294, 25 May 2009 - 03:08 PM.


#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:02 PM

Posted 25 May 2009 - 04:54 PM

Hello,

Whoa... I need to have a file looked at, please:

Please navigate to the following file:

c:\program files\system22\winn32.exe

Please go to VirusTotal and submit the file for a scan and post the results in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#15 McHale0294

McHale0294
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 25 May 2009 - 06:09 PM

I can't seem to find winn32.exe in that folder. All I see is system22.dat.

Edited by McHale0294, 25 May 2009 - 06:12 PM.
