Tech Support Forum
HijackThis Log Help
#1
Registered User
Join Date: Sep 2008
Posts: 2
OS: xp
Google redirects and hearing past audio in speakers long after a system shutdown!!
I'm not sure what site it was, but some site implanted a fake antivirus downloader into my desktop, removing my background. I'm an extreme novice, so I left it there for a while, thinking it would be gone when I restarted. First came the Google redirects, then I watched a Seinfeld/Bill Gates video on microsoft.com. All I did was run Spybot and then shut down the computer. I logged back on a few minutes later, and the redirects were mostly gone, but Windows Firewall and ZoneAlarm virus scan were oddly disabled. After that I began to hear strange glitchy sounds in my speakers, and when I turned up the volume I realized I was listening to the highly distorted audio of the video I'd watched minutes before. It was like an intruder was hovering over me, like "look what I can do, and you can't do a thing about it."
Now I have Ad-Aware, RSIT, HijackThis, CurrPorts, and I ran ComboFix in the recovery console. I ran all these in safe mode, but the system just seems "wrong" to me, and I don't feel secure. Here is an RSIT log. Please, any help at all would be great.
#2
Registered User
Join Date: Sep 2008
Posts: 2
OS: xp
Re: Google redirects and hearing past audio in speakers long after a system shutdown!
New RSIT log:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKCU-Run-RecordNow! - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\PJ Hines\Application Data\Mozilla\Firefox\Profiles\ztoqx35r.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 19:52:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe . ************************************************************************** . Completion time: 2008-09-26 20:02:32 - machine was rebooted [PJ Hines] ComboFix-quarantined-files.txt 2008-09-27 00:02:22 ComboFix2.txt 2008-09-22 03:10:51 ComboFix3.txt 2008-09-20 02:16:58 ComboFix4.txt 2008-09-19 12:53:06 Pre-Run: 41,035,505,664 bytes free Post-Run: 41,017,643,008 bytes free 204 --- E O F --- 2008-09-26 07:57:33 |