Tech Support Forum - Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User
perfs, routing - random sound clips??
So with my own research and trying to fix things myself I know I've got routing and perfs and had/have indt2.sys. Somewhere I read that these programs might be the cause of these random sound clips that play on my laptop occasionally. They're sometimes advertisements, sometimes they sound like movie previews, and sometimes it's just techno music for about 5 seconds.
That is the main source of my frustration, although I'd bet that there is some other spyware that I don't realize I have. Norton was originally installed, but after it expired AVG free version was used with Spybot Search and Destroy. I've tried removing some of the files I've found to be malware by myself, but they mostly keep coming back (especially routing and perfs).

Deckard's System Scanner v20071014.68
Run by Tyler Froelich on 2008-07-01 17:26:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
33: 2008-07-01 21:26:49 UTC - RP94 - Deckard's System Scanner Restore Point
32: 2008-06-30 21:52:58 UTC - RP93 - System Checkpoint
31: 2008-06-29 21:02:49 UTC - RP92 - Installed Windows XP KB951698.
30: 2008-06-29 21:01:52 UTC - RP91 - Installed Windows XP KB951376-v2.
29: 2008-06-29 21:01:03 UTC - RP90 - Installed Windows XP KB951376.

-- First Restore Point --
1: 2008-04-03 22:33:08 UTC - RP62 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tyler Froelich.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:06 PM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\routing.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\perfs.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: mirrorboard.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

--
End of file - 10570 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080619-100310-543 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080619-100310-625 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080619-141949-325 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080619-141949-898 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080620-135030-291 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080620-135030-780 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080620-135308-764 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080620-135308-984 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
backup-20080622-143453-143 O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
backup-20080622-144809-348 O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
backup-20080623-124736-457 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080623-124736-648 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080623-124918-181 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080623-124918-786 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080624-002738-499 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080624-002738-715 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080625-002327-556 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080625-002327-851 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
backup-20080625-004038-702 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080625-004038-785 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AFinding (AFinding Service ) - c:\windows\system32\afinding.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 WServing (WServing Service) - c:\windows\system32\wserving.exe
S2 RServer3 (Radmin Server V3) - "c:\windows\system32\rserver30\rserver3.exe" /service (file missing)
S3 ACS (ACU Configuration Service) - c:\windows\system32\acs.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 5300
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 17:27:00 428 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-01 13:32:03 506 --a------ C:\WINDOWS\Tasks\BMMTask.job
2008-07-01 07:50:36 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-20 15:00:00 426 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 17:23:43 0 d-------- C:\Program Files\SpywareBlaster
2008-07-01 07:50:30 0 d-------- C:\Program Files\Apple Software Update
2008-07-01 00:14:38 0 d-------- C:\WINDOWS\LastGood
2008-06-30 23:15:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2008-06-29 17 36 0 d-------- C:\WINDOWS\Prefetch
2008-06-29 16:48:15 0 d-------- C:\WINDOWS\system32\scripting
2008-06-29 16:48:14 0 d-------- C:\WINDOWS\l2schemas
2008-06-29 16:48:13 0 d-------- C:\WINDOWS\system32\en
2008-06-29 16:48:13 0 d-------- C:\WINDOWS\system32\bits
2008-06-29 16:45:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-29 16:40:18 0 d-------- C:\WINDOWS\network diagnostic
2008-06-29 15:36:06 0 d---s---- C:\Documents and Settings\Tyler Froelich\UserData
2008-06-29 15:14:01 0 d-------- C:\Program Files\Panda Security
2008-06-29 12:48:46 0 d-------- C:\Program Files\Sun
2008-06-29 12:39:50 0 d-------- C:\Documents and Settings\Tyler Froelich\.SunDownloadManager
2008-06-25 14:57:11 305664 --a------ C:\WINDOWS\system32\andt.sys
2008-06-25 00:45:30 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\Help
2008-06-22 14:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-22 14:43:50 0 d-------- C:\Program Files\Security Task Manager
2008-06-21 11:55:11 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-06-19 09:59:05 0 d-------- C:\Program Files\Trend Micro
2008-06-18 12:17:15 0 d--h----- C:\$AVG8.VAULT$
2008-06-18 12:08:11 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 12:07:59 0 d-------- C:\Program Files\AVG
2008-06-18 12:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 18:01:31 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 12:52:31 0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 12:49:48 0 d-------- C:\Program Files\PC Connectivity Solution

-- Find3M Report ---------------------------------------------------------------

2008-07-01 17:26:29 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\stickies
2008-06-29 16:50:19 0 d-------- C:\Program Files\Messenger
2008-06-29 16:48:12 0 d-------- C:\Program Files\Movie Maker
2008-06-29 16:44:58 0 d-------- C:\Program Files\Windows NT
2008-06-29 12:48:37 0 d-------- C:\Program Files\Java
2008-06-25 23:47:58 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\uTorrent
2008-06-25 17:40:52 0 d-------- C:\Program Files\Trillian
2008-06-20 01:39:22 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\Mozilla
2008-06-18 13:20:26 0 d-------- C:\Program Files\Folder Lock
2008-06-17 12:52:32 0 d-------- C:\Program Files\Common Files\Nokia
2008-06-17 12:52:31 0 d-------- C:\Program Files\Common Files
2008-06-17 12:52:12 0 d-------- C:\Program Files\Nokia
2008-06-13 23:36:53 445 --a------ C:\WINDOWS\EntPack.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/12/2001 03:32 AM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [06/16/2004 02:53 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2004 02:53 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 10:39 PM]
"TpShocks"="TpShocks.exe" [03/26/2004 07:16 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 10:32 PM]
"TP4EX"="tp4ex.exe" [09/04/2002 05:05 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 06:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 04:52 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 08:34 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 05:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/27/2004 05:05 AM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [07/29/2004 05:37 AM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [07/29/2004 05:37 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 05:42 AM C:\WINDOWS\system32\bthprops.cpl]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [05/14/2003 03:01 AM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [08/06/2003 05:08 PM]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [08/18/2004 04:30 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/02/2008 02:06 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TrackPointSrv"="tp4serv.exe" [11/13/2003 07:12 AM C:\WINDOWS\system32\tp4serv.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/18/2008 12:08 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04/01/2004 11:52 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [03/26/2004 03:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]

C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\
mirrorboard.exe [12/16/2007 2:59:38 AM]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [3/9/2007 1:28:19 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/10/2004 12:33:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 08/18/2004 04:30 AM 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55b9aa0-a9fb-11dc-a616-00054e4c5969}]
AutoRun\command- E:\LaunchU3.exe -a

-- Hosts -----------------------------------------------------------------------

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

8784 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-01 17:33:41 ------------
|
#3
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home
Re: perfs, routing - random sound clips??
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix). We'll use this later.

---------------------------------------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix (C:\ComboFix.txt) at the end of this fix.

---------------------------------------------------------------------------------------------

Please then reboot your computer in Safe Mode by doing the following:

---------------------------------------------------------------------------------------------

Run DSS once again, and post its log, main.txt

---------------------------------------------------------------------------------------------

Please post the logs from:
ComboFix (C:\ComboFix.txt)
SDFix (C:\SDFix\report.txt)
DSS (main.txt)

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#4
Registered User
Re: perfs, routing - random sound clips??
First off, thanks for your help and attention. I really appreciate it.
I followed your instructions and here are the three text files for ComboFix, SDFix, and DSS. -tyler froelich

ComboFix 08-07-04.6 - Tyler Froelich 2008-07-05 12:07:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.489 [GMT -4:00]
Running from: C:\Documents and Settings\Tyler Froelich\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tyler Froelich\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_876078250637.bk
C:\WINDOWS\system32\WServing.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 11:47 . 2008-07-05 02:05 <DIR> d-------- C:\SDFix
2008-07-05 11:16 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\gtk-2.0
2008-07-05 11:16 . 2008-07-05 11:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.thumbnails
2008-07-04 00:19 . 2008-07-04 00:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-04 00:19 . 2008-07-04 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 00:18 . 2008-07-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\X-Setup Pro
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-07-03 23:06 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.gimp-2.4
2008-07-03 23:05 . 2008-07-03 23:05 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Deckard
2008-07-01 17:23 . 2008-07-01 17:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-01 07:50 . 2008-07-01 07:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-30 23:15 . 2008-06-30 23:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2008-06-29 16:50 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-29 16:50 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-29 16:50 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-29 16:49 . 2008-04-14 05:41 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-06-29 16:49 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-29 16:49 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-29 16:49 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-29 16:49 . 2008-04-14 05:41 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-29 16:45 . 2008-06-29 16:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-29 16:40 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-29 16:40 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-29 16:38 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003033_.tmp
2008-06-29 15:36 . 2008-06-29 15:36 <DIR> d---s---- C:\Documents and Settings\Tyler Froelich\UserData
2008-06-29 15:14 . 2008-06-29 17:14 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\Sun
2008-06-29 12:39 . 2008-06-29 12:40 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.SunDownloadManager
2008-06-22 14:43 . 2008-06-25 00:45 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-22 14:43 . 2008-07-04 04:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-19 10:03 . 2008-06-19 10:03 <DIR> d-------- C:\_OTMoveIt
2008-06-19 09:59 . 2008-06-19 09:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 12:17 . 2008-07-05 10:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-18 12:08 . 2008-07-05 10:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 12:08 . 2008-07-03 10:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-18 12:08 . 2008-06-18 12:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-18 12:08 . 2008-07-03 10:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Program Files\AVG
2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 18:24 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-17 18:01 . 2008-06-17 18:01 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 12:52 . 2008-06-17 12:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 12:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-17 12:49 . 2008-06-17 12:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-06-17 12:48 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-17 12:48 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-17 12:48 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-17 12:48 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-14 02:11 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 02:10 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 16:05 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\stickies
2008-07-05 16:02 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\uTorrent
2008-07-03 20:28 --------- d-----w C:\Program Files\Trillian
2008-06-29 16:48 --------- d-----w C:\Program Files\Java
2008-06-18 17:20 --------- d-----w C:\Program Files\Folder Lock
2008-06-17 16:52 --------- d-----w C:\Program Files\Nokia
2008-06-17 16:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-17 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 09:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 09:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 09:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 09:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 09:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 09:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-02-08 15:27 1,914 ----a-w C:\Documents and Settings\Tyler Froelich\Application Data\SAS7_000.DAT
2007-12-13 23:37 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 14:53 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 14:53 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 22:39 897024]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-17 22:32 94208]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 06:04 208896]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 16:52 339968]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-07-14 20:34 36864]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-27 05:05 122939]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 05:37 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 05:37 395776]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 03:01 188416]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 17:08 86016]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 04:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-02 14:06 29744]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 10:21 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52 1368064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 15:40 794624]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 03:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TpShocks"="TpShocks.exe" [2004-03-26 19:16 102400 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 05:05 53248 C:\WINDOWS\system32\TP4EX.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 07:12 94208 C:\WINDOWS\system32\tp4serv.exe]

C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\
mirrorboard.exe [2007-12-16 02:59:38 215411]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 01:28:19 700416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-10 12:33:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll =

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-07-06 17:50]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 04:30]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 10:21]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 04:30]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-02-02 14:54]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 13:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 05:37]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 10:21]
R2 NOBICYT;NOBICYT;C:\WINDOWS\system32\Nobicyt.exe [2001-08-18 06:00]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S2 RServer3;Radmin Server V3;C:\WINDOWS\system32\rserver30\RServer3.exe []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-02 14:06]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 04:30]
S3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2003-11-13 07:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55b9aa0-a9fb-11dc-a616-00054e4c5969}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 11:50:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-05 15:33:22 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-06-20 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-05 16:17:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-Acrobat Assistant 8 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-SSBkgdUpdate - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 12:13:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\mirrorboard.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-05 12:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 16:21:19

Pre-Run: 6,137,589,760 bytes free
Post-Run: 6,105,845,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

268 --- E O F --- 2008-06-20 14:40:30

SDFix: Version 1.201
Run by Tyler Froelich on Sat 07/05/2008 at 12:39 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 12:49:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07afd20]
"001a89a3e602"=hex:ba,79,d2,00,9b,d6,5f,3a,4e,be,83,fa,6c,ef,7a,5b
"001784369b49"=hex:73,62,28,1f,5c,94,c9,d3,d5,09,ec,25,1d,68,90,73
"001c352621a3"=hex:f8,83,48,41,d5,35,af,2e,47,23,58,47,55,e2,ba,33
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07afd20]
"001a89a3e602"=hex:ba,79,d2,00,9b,d6,5f,3a,4e,be,83,fa,6c,ef,7a,5b
"001784369b49"=hex:73,62,28,1f,5c,94,c9,d3,d5,09,ec,25,1d,68,90,73
"001c352621a3"=hex:f8,83,48,41,d5,35,af,2e,47,23,58,47,55,e2,ba,33

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004e
"TracesSuccessful"=dword:00000002

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 13 May 2007 25,088 ...H. --- "C:\Documents and Settings\All Users\Documents\shared\~WRL3859.tmp"
Fri 14 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 18 Dec 2007 22,528 A..H. --- "C:\Documents and Settings\Tyler Froelich\Application Data\Microsoft\Word\~WRL0003.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Tyler Froelich\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Deckard's System Scanner v20071014.68
Run by Tyler Froelich on 2008-07-05 12:57:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Tyler Froelich.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:57 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\mirrorboard.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Tyler Froelich\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TYLERF~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: mirrorboard.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11034 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 12:34:13 0 d-------- C:\WINDOWS\ERUNT
2008-07-05 12:07:17 0 d-------- C:\cmdcons
2008-07-05 12:05:50 68096 --a------ C:\WINDOWS\zip.exe
2008-07-05 12:05:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-05 12:05:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 12:05:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 12:05:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 12:05:50 98816 --a------ C:\WINDOWS\sed.exe
2008-07-05 12:05:50 80412 --a------ C:\WINDOWS\grep.exe
2008-07-05 12:05:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-05 11:16:25 0 d--------
C:\Documents and Settings\Tyler Froelich\Application Data\gtk-2.0 2008-07-05 11:16:23 0 d-------- C:\Documents and Settings\Tyler Froelich\.thumbnails 2008-07-04 00:19:28 0 d-------- C:\Program Files\Lavasoft 2008-07-04 00:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-04 00:18:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-03 23:16:28 0 d-------- C:\Program Files\X-Setup Pro 2008-07-03 23:16:28 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\X-Setup Pro 2008-07-03 23:16:28 0 d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro 2008-07-03 23 07 0 d-------- C:\Documents and Settings\Tyler Froelich\.gimp-2.42008-07-03 23:05:04 0 d-------- C:\Program Files\GIMP-2.0 2008-07-01 17:23:43 0 d-------- C:\Program Files\SpywareBlaster 2008-07-01 07:50:30 0 d-------- C:\Program Files\Apple Software Update 2008-06-30 23:15:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Apple Computer 2008-06-29 17 36 0 d-------- C:\WINDOWS\Prefetch2008-06-29 16:48:15 0 d-------- C:\WINDOWS\system32\scripting 2008-06-29 16:48:14 0 d-------- C:\WINDOWS\l2schemas 2008-06-29 16:48:13 0 d-------- C:\WINDOWS\system32\en 2008-06-29 16:48:13 0 d-------- C:\WINDOWS\system32\bits 2008-06-29 16:45:31 0 d-------- C:\WINDOWS\ServicePackFiles 2008-06-29 16:40:18 0 d-------- C:\WINDOWS\network diagnostic 2008-06-29 15:36:06 0 d---s---- C:\Documents and Settings\Tyler Froelich\UserData 2008-06-29 15:14:01 0 d-------- C:\Program Files\Panda Security 2008-06-29 12:48:46 0 d-------- C:\Program Files\Sun 2008-06-29 12:39:50 0 d-------- C:\Documents and Settings\Tyler Froelich\.SunDownloadManager 2008-06-25 00:45:30 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\Help 2008-06-22 14:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-06-22 14:43:50 0 d-------- C:\Program Files\Security Task Manager 2008-06-21 11:55:11 0 
d-------- C:\Documents and Settings\LocalService\My Documents 2008-06-19 09:59:05 0 d-------- C:\Program Files\Trend Micro 2008-06-18 12:17:15 0 d--h----- C:\$AVG8.VAULT$ 2008-06-18 12:08:11 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-18 12:07:59 0 d-------- C:\Program Files\AVG 2008-06-18 12:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-17 18:01:31 1160 --a------ C:\WINDOWS\mozver.dat 2008-06-17 12:52:31 0 d-------- C:\Program Files\Common Files\PCSuite 2008-06-17 12:49:48 0 d-------- C:\Program Files\PC Connectivity Solution -- Find3M Report --------------------------------------------------------------- 2008-07-05 12:55:01 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\stickies 2008-07-05 12:02:38 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\uTorrent 2008-07-04 00:18:38 0 d-------- C:\Program Files\Common Files 2008-07-03 16:28:52 0 d-------- C:\Program Files\Trillian 2008-06-29 16:50:19 0 d-------- C:\Program Files\Messenger 2008-06-29 16:48:12 0 d-------- C:\Program Files\Movie Maker 2008-06-29 16:44:58 0 d-------- C:\Program Files\Windows NT 2008-06-29 12:48:37 0 d-------- C:\Program Files\Java 2008-06-20 01:39:22 0 d-------- C:\Documents and Settings\Tyler Froelich\Application Data\Mozilla 2008-06-18 13:20:26 0 d-------- C:\Program Files\Folder Lock 2008-06-17 12:52:32 0 d-------- C:\Program Files\Common Files\Nokia 2008-06-17 12:52:12 0 d-------- C:\Program Files\Nokia 2008-06-13 23:36:53 445 --a------ C:\WINDOWS\EntPack.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "S3TRAY2"="S3Tray2.exe" [10/12/2001 03:32 AM C:\WINDOWS\system32\S3Tray2.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [06/16/2004 02:53 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2004 02:53 PM] 
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 10:39 PM] "TpShocks"="TpShocks.exe" [03/26/2004 07:16 PM C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 10:32 PM] "TP4EX"="tp4ex.exe" [09/04/2002 05:05 AM C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 06:04 AM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 04:52 PM] "UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 08:34 PM] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 05:01 AM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/27/2004 05:05 AM] "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [07/29/2004 05:37 AM] "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [07/29/2004 05:37 AM] "BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 05:42 AM C:\WINDOWS\system32\bthprops.cpl] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [05/14/2003 03:01 AM] "PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [08/06/2003 05:08 PM] "QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [08/18/2004 04:30 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/02/2008 02:06 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM] "TrackPointSrv"="tp4serv.exe" [11/13/2003 07:12 AM C:\WINDOWS\system32\tp4serv.exe] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 10:21 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04/01/2004 11:52 AM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" 
[03/28/2008 11:37 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM] "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [03/26/2004 03:40 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM] C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\ mirrorboard.exe [12/16/2007 2:59:38 AM] Stickies.lnk - C:\Program Files\stickies\stickies.exe [3/9/2007 1:28:19 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/10/2004 12:33:46 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] QConGina.dll 08/18/2004 04:30 AM 258048 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WinVNC4"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55b9aa0-a9fb-11dc-a616-00054e4c5969}] AutoRun\command- E:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-07-05 13:00:52 ------------ |
#5
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home
Re: perfs, routing - random sound clips??
That looks a lot better...still more work to do.
First: Please go to: VirusTotal
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#6
Registered User
Re: perfs, routing - random sound clips??
It doesn't look too pretty. Is this what you want?

Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 TR/Dldr.Delf.jte
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5927 2008.07.04 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 Agent.I
GData 2.0.7306.1023 2008.07.05 Trojan-Downloader.Win32.Delf.jte
Ikarus T3.1.1.26.0 2008.07.05 Trojan.Win32.Refpron.A
Kaspersky 7.0.0.125 2008.07.05 Trojan-Downloader.Win32.Delf.jte
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.05 Backdoor:Win32/Refpron.A
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 Suspicious file
Prevx1 V2 2008.07.05 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.05 Mal/Agent-I
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.371 2008.07.04 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 suspected of Win32 Shadow Driver Install
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 Trojan.Dldr.Delf.jte

Additional information
File size: 186368 bytes
MD5...: b9df8ab3aed2edb738fc3a7090458181
SHA1..: 2bffd4dd372ce39cdcba86295381c039ab49207f
SHA256: 851e619d0013b101308b48a7bf580e880dfffe28376cac32cc046394e8666730
SHA512: 718494bbbf0ae4505ba7cc5778927c0a2287fb374a15486fe51869ad6c4de6bb
3a22d280b44e85c56280ca333d07d15a1c00f9ac479809bd8b83cfb4649df284
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10027b20
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x26f3c 0x27000 6.39 bf2947251a0425d75f606ed8638fc98c
DATA 0x28000 0x9a0 0xa00 4.31 01d8d780f9e91dc7783c839dc5007044
BSS 0x29000 0xd01 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2a000 0xed0 0x1000 4.64 c8baee4960a0f16d6fcf8e1ee89ca3a0
.tls 0x2b000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2c000 0x18 0x200 0.26 705af593c60c5d4dc2cc3ce81ff045fb
.reloc 0x2d000 0x2824 0x2a00 6.60 d13db3e2456452cd993bfc586b9ab498
.rsrc 0x30000 0x1e00 0x1e00 3.58 e9e1ba4f52ce531023de8ff6901830ac

( 12 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, TerminateProcess, SystemTimeToFileTime, Sleep, SetFileTime, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LocalFileTimeToFileTime, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetVersionExA, GetThreadLocale, GetTempPathA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeLibrary, FormatMessageA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateProcessA, CreateFileA, CreateEventA, CopyFileA, CompareStringA, CloseHandle
> version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA
> advapi32.dll: StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenSCManagerA, CreateServiceA, CloseServiceHandle
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VarBstrFromBool, VarBstrFromDate, VarBstrFromCy, VarBoolFromStr, VarCyFromStr, VarDateFromStr, VarR8FromStr, VarI4FromStr, VarNot, VarNeg, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit

( 0 exports )
#7
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home
Re: perfs, routing - random sound clips??
That's exactly what we need.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#8
Registered User
Re: perfs, routing - random sound clips??
ComboFix finished running; it gave me the log file and asked to connect to the internet. I made sure I had a connection and clicked OK, and Firefox tried opening file:///C:/ComboFix/CF-Submit.htm, which could not be found. I checked the location myself and found that there is nothing located in the folder ComboFix. What should I do?
#9
Registered User
Re: perfs, routing - random sound clips??
Here is the ComboFix log:
ComboFix 08-07-04.6 - Tyler Froelich 2008-07-05 14:26:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.526 [GMT -4:00]
Running from: C:\Documents and Settings\Tyler Froelich\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tyler Froelich\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\Nobicyt.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NOBICYT
-------\Service_NOBICYT

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 12:34 . 2008-07-05 12:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 11:47 . 2008-07-05 12:54 <DIR> d-------- C:\SDFix
2008-07-05 11:16 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\gtk-2.0
2008-07-05 11:16 . 2008-07-05 11:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.thumbnails
2008-07-04 00:19 . 2008-07-04 00:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-04 00:19 . 2008-07-04 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 00:18 . 2008-07-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\X-Setup Pro
2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-07-03 23:06 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.gimp-2.4
2008-07-03 23:05 . 2008-07-03 23:05 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Deckard
2008-07-01 17:23 . 2008-07-01 17:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-01 07:50 . 2008-07-01 07:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-30 23:15 . 2008-06-30 23:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2008-06-29 16:50 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-29 16:50 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-29 16:50 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-29 16:49 . 2008-04-14 05:41 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-06-29 16:49 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-29 16:49 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-29 16:49 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-29 16:49 . 2008-04-14 05:41 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-29 16:45 . 2008-06-29 16:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-29 16:40 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-29 16:40 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-29 16:38 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003033_.tmp
2008-06-29 15:36 . 2008-06-29 15:36 <DIR> d---s---- C:\Documents and Settings\Tyler Froelich\UserData
2008-06-29 15:14 . 2008-06-29 17:14 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\Sun
2008-06-29 12:39 . 2008-06-29 12:40 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.SunDownloadManager
2008-06-22 14:43 . 2008-06-25 00:45 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-22 14:43 . 2008-07-04 04:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-19 10:03 . 2008-06-19 10:03 <DIR> d-------- C:\_OTMoveIt
2008-06-19 09:59 . 2008-06-19 09:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 12:17 . 2008-07-05 10:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-18 12:08 . 2008-07-05 10:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 12:08 . 2008-07-03 10:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-18 12:08 . 2008-06-18 12:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-18 12:08 . 2008-07-03 10:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Program Files\AVG
2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 18:24 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-17 18:01 . 2008-06-17 18:01 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 12:52 . 2008-06-17 12:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 12:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-17 12:49 . 2008-06-17 12:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-06-17 12:48 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-17 12:48 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-17 12:48 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-17 12:48 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-14 02:11 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 02:10 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 18:25 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\stickies
2008-07-05 18:22 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\uTorrent
2008-07-03 20:28 --------- d-----w C:\Program Files\Trillian
2008-06-29 16:48 --------- d-----w C:\Program Files\Java
2008-06-18 17:20 --------- d-----w C:\Program Files\Folder Lock
2008-06-17 16:52 --------- d-----w C:\Program Files\Nokia
2008-06-17 16:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-17 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:44 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 06:44 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 09:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 09:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 09:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 09:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 09:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 09:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 09:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 09:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 05:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 04:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 04:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 04:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 04:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 04:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-14 04:01 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 04:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-14 03:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 03:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-14 03:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-14 03:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-14 03:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-14 03:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-14 02:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-14 02:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-14 02:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-14 02:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 02:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 02:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-14 01:56 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 01:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-14 01:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-08 15:27 1,914 ----a-w C:\Documents and Settings\Tyler Froelich\Application Data\SAS7_000.DAT
2007-12-13 23:37 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-05_12.21.02.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 16:13:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 18:31:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 06:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-05 16:34:56 6,619,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-05 16:34:57 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-05 06:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-05 16:34:37 6,619,136 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-05 16:34:37 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 14:53 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 14:53 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 22:39 897024]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-17 22:32 94208]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 06:04 208896]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 16:52 339968]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-07-14 20:34 36864]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-27 05:05 122939]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 05:37 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 05:37 395776]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 03:01 188416]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 17:08 86016]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 04:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-02 14:06 29744]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 10:21 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52 1368064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [BU]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 15:40 794624]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 03:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TpShocks"="TpShocks.exe" [2004-03-26 19:16 102400 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 05:05 53248 C:\WINDOWS\system32\TP4EX.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 07:12 94208 C:\WINDOWS\system32\tp4serv.exe]

C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\
mirrorboard.exe [2007-12-16 02:59:38 215411]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 01:28:19 700416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-10 12:33:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll =

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-07-06 17:50]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 04:30]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 10:21]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 04:30]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-02-02 14:54]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 13:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 05:37]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 10:21]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S2 RServer3;Radmin Server V3;C:\WINDOWS\system32\rserver30\RServer3.exe []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-02 14:06]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 04:30]
S3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2003-11-13 07:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55b9aa0-a9fb-11dc-a616-00054e4c5969}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder "2008-07-01 11:50:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-07-05 18:09:10 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE "2008-06-20 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-07-05 18:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 14:31:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\QCONSVC.EXE C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\TpKmpSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\mirrorboard.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-07-05 14:39:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-05 18:38:54 ComboFix2.txt 2008-07-05 16:21:46 Pre-Run: 5,964,042,240 bytes free Post-Run: 5,948,637,184 bytes free 295 --- E O F --- 2008-06-20 14:40:30 |
#10
Registered User
Re: perfs, routing - random sound clips??
And here is HijackThis, but I don't know what to do about the ComboFix submit files.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:11 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\mirrorboard.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: mirrorboard.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10773 bytes
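A HijackThis log like the one above is read by hand, line by line, looking for entries that cannot be taken at face value: a service whose binary is gone, a service HijackThis prints as "Unknown owner" because it could not read a company name from the file, a Run entry that names a bare file so Windows resolves it through the search PATH at logon, and anything in AppInit_DLLs. The script below is an added example of those reading rules, not HijackThis code and not part of the original post; it only knows the line shapes visible in the log, and the sample lines are excerpted from it.

```python
"""Flag HijackThis (HJT) log entries that an analyst should verify by hand.

Added example for this thread, not HijackThis code. It handles only the
O4 / O9 / O20 / O23 line shapes seen in the log above.
"""
import re

# Sample lines excerpted from the HijackThis log posted above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: mirrorboard.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""

# "O4 - HKLM\..\Run: [name] command" and the HKCU / RunOnce variants
RUN_KEY = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
# "O23 - Service: display name (short name) - vendor - path"
SERVICE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def first_token(cmd):
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def review(log):
    """Return (category, line) pairs for every entry worth a second look."""
    findings = []
    for line in (l.strip() for l in log.splitlines()):
        if not line:
            continue
        if "(file missing)" in line:
            # Registry still points at a file that is gone: uninstall or cleanup leftover
            findings.append(("orphaned entry", line))
        if line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is loaded into every process that links user32.dll
            findings.append(("global DLL injection point", line))
        if line.startswith("O4 - Global Startup:") and line.endswith("= ?"):
            findings.append(("shortcut with unresolved target", line))
        m = SERVICE.match(line)
        if m and m["owner"] == "Unknown owner":
            # No company name readable from the binary: check its signature or hash
            findings.append(("service without vendor info", line))
        m = RUN_KEY.match(line)
        if m and "\\" not in first_token(m["cmd"]):
            # Bare file name: resolved through the search PATH, so verify which copy runs
            findings.append(("PATH-resolved autorun", line))
    return findings


def count(log, category):
    return sum(1 for cat, _ in review(log) if cat == category)


if __name__ == "__main__":
    for cat, line in review(HJT_LOG):
        print(f"[{cat}] {line}")
```

On the excerpt the Radmin service is flagged twice (no vendor information and a missing binary); the same remote-administration tool shows up in the ComboFix log earlier in the thread as the driver raddrvv3.sys and the S2 service RServer3, next to a firewall exception opening 3389/TCP in the GloballyOpenPorts list. The flags are prompts, not verdicts: the IBM and ATI services carry "Unknown owner" too and are OEM laptop utilities, which is exactly why an analyst confirms each one against the file on disk rather than the log line.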
#11
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home
Re: perfs, routing - random sound clips??
There should be on your desktop a file named similar to this:
[4]-Submit_2008-07-05@14.26.zip
Please upload it here: http://www.bleepingcomputer.com/subm....php?channel=4
Let me know....
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#13
Manager, Security Center, TSF Academy; Analyst, Security Team
Re: perfs, routing - random sound clips??
Great. Thanks for submitting the file. Please delete [4]-Submit_2008-07-05@14.25.zip from your desktop now.
Please run this online scan to help look for remnants. First, go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner if present, prior to downloading the most up-to-date one. Next, establish an internet connection and perform an online scan using Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.
**Note** To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.
---------------------------------------------------------------------------------------------
Let me know how the machine is behaving.
#14
Registered User
Re: perfs, routing - random sound clips??
I haven't heard any more random sound clips so far, and I haven't had any other noticeable problems, but this Kaspersky report doesn't look too good.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 05, 2008 7:35:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/07/2008
Kaspersky Anti-Virus database records: 916362
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
W:\

Scan Statistics:
Total number of scanned objects: 131378
Number of viruses found: 25
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 03:38:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Application Data\stickies\store.ldb Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Application Data\stickies\store.mdb Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Desktop\[4]-Submit_2008-07-05@14.25.zip/Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.jte skipped
C:\Documents and Settings\Tyler Froelich\Desktop\[4]-Submit_2008-07-05@14.25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbdam Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbdao Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbeam Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbeao Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbm Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\fii.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\hp Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Google\Google Desktop\ef7988067075\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Mozilla\Firefox\Profiles\iv7m3dn3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Mozilla\Firefox\Profiles\iv7m3dn3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Mozilla\Firefox\Profiles\iv7m3dn3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Mozilla\Firefox\Profiles\iv7m3dn3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Application Data\Mozilla\Firefox\Profiles\iv7m3dn3.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Temp\Acr2D92.tmp Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Temp\JET774A.tmp Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Temp\~DFAA5F.tmp Object is locked skipped
C:\Documents and Settings\Tyler Froelich\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tyler Froelich\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tyler Froelich\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\afinding.exe.vir Infected: Trojan-Downloader.Win32.Delf.jqq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\andt.sys.vir Infected: Trojan.Win32.DNSChanger.ews skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\routing.exe.vir Infected: Trojan.Win32.Agent.thb skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP100\change.log Object is locked skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP69\A0066412.old Infected: Trojan.Win32.DNSChanger.eoi skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP69\A0066416.exe Infected: Trojan.Win32.Agent.rpo skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP70\A0066635.exe Infected: Trojan.Win32.Agent.sch skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP72\A0066951.sys Infected: Trojan-Clicker.Win32.VB.ays skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP81\A0073191.old Infected: Trojan.Win32.DNSChanger.ewi skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP82\A0074180.exe Infected: Trojan.Win32.Agent.scr skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP94\A0079133.exe Infected: Trojan.Win32.Agent.sus skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP94\A0079134.exe Infected: Trojan.Win32.Agent.suv skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP94\A0079135.exe Infected: Trojan-Downloader.Win32.Delf.jqv skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP95\A0080236.old Infected: Trojan.Win32.DNSChanger.eyl skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP98\A0083212.exe Infected: Trojan-Downloader.Win32.Delf.jsd skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP99\A0083232.exe Infected: Trojan.Win32.Agent.thb skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP99\A0083234.sys Infected: Trojan.Win32.DNSChanger.ews skipped
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP99\A0083236.exe Infected: Trojan-Downloader.Win32.Delf.jqq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\asck.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.ah skipped
C:\WINDOWS\system32\atpsck.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.ai skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\nftscpd.sys Infected: Trojan.Win32.Delf.dbc skipped
C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj skipped
C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.dbc skipped
C:\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.tgz skipped
C:\WINDOWS\system32\swand.sys Infected: Trojan.Win32.DNSChanger.eyl skipped
C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.ezd skipped
C:\WINDOWS\system32\tmp0_776950618798.bk.old Infected: Trojan.Win32.DNSChanger.euo skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\06192008_100331\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.ryi skipped
C:\_OTMoveIt\MovedFiles\06192008_100331\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.sch skipped
C:\_OTMoveIt\MovedFiles\06192008_141952\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.sch skipped
C:\_OTMoveIt\MovedFiles\06202008_135032\windows\system32\routing.exe Infected: Trojan.Win32.Agent.sch skipped
C:\_OTMoveIt\MovedFiles\06222008_143454\windows\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
C:\_OTMoveIt\MovedFiles\06222008_144811\windows\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
C:\_OTMoveIt\MovedFiles\06232008_124922\windows\system32\routing.exe Infected: Trojan.Win32.Agent.sch skipped
C:\_OTMoveIt\MovedFiles\06242008_002740\windows\system32\Indt2.sys Infected: Trojan-Clicker.Win32.VB.azz skipped
C:\_OTMoveIt\MovedFiles\06242008_002740\windows\system32\perfs.exe Infected: Trojan.Win32.Agent.scr skipped
C:\_OTMoveIt\MovedFiles\06252008_002329\windows\system32\perfs.exe Infected: Trojan.Win32.Agent.scr skipped
W:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
W:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP100\change.log Object is locked skipped

Scan process completed.

#15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home

Re: perfs, routing - random sound clips??
Some of the finds are in quarantine or System Restore points. We'll deal with them shortly.
Some of those files do not have loading points, so they should be more easily removed. I'd like to collect them as well.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009

#16 (permalink)
Registered User
Re: perfs, routing - random sound clips??
ComboFix 08-07-04.6 - Tyler Froelich 2008-07-05 20:28:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.557 [GMT -4:00] Running from: C:\Documents and Settings\Tyler Froelich\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Tyler Froelich\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Documents and Settings\Tyler Froelich\Desktop\[4]-Submit_2008-07-05@14.25.zip . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\_OTMoveIt C:\_OTMoveIt\MovedFiles\06192008_100331.log C:\_OTMoveIt\MovedFiles\06192008_100331.res C:\_OTMoveIt\MovedFiles\06192008_100331\WINDOWS\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06192008_100331\WINDOWS\system32\routing.exe C:\_OTMoveIt\MovedFiles\06192008_141952.log C:\_OTMoveIt\MovedFiles\06192008_141952.res C:\_OTMoveIt\MovedFiles\06192008_141952\WINDOWS\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06192008_141952\WINDOWS\system32\routing.exe C:\_OTMoveIt\MovedFiles\06202008_135032.log C:\_OTMoveIt\MovedFiles\06202008_135032.res C:\_OTMoveIt\MovedFiles\06202008_135032\windows\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06202008_135032\windows\system32\routing.exe C:\_OTMoveIt\MovedFiles\06202008_135133.log C:\_OTMoveIt\MovedFiles\06202008_135133.res C:\_OTMoveIt\MovedFiles\06202008_135133\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06202008_135310.log C:\_OTMoveIt\MovedFiles\06202008_135310.res C:\_OTMoveIt\MovedFiles\06202008_135310\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06222008_143454.log C:\_OTMoveIt\MovedFiles\06222008_143454.res C:\_OTMoveIt\MovedFiles\06222008_143454\windows\system32\wserving.exe C:\_OTMoveIt\MovedFiles\06222008_144811.log C:\_OTMoveIt\MovedFiles\06222008_144811.res C:\_OTMoveIt\MovedFiles\06222008_144811\windows\system32\afinding.exe C:\_OTMoveIt\MovedFiles\06232008_124922.log C:\_OTMoveIt\MovedFiles\06232008_124922.res C:\_OTMoveIt\MovedFiles\06232008_124922\windows\system32\Indt2.sys 
C:\_OTMoveIt\MovedFiles\06232008_124922\windows\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06232008_124922\windows\system32\routing.exe C:\_OTMoveIt\MovedFiles\06242008_002740.log C:\_OTMoveIt\MovedFiles\06242008_002740.res C:\_OTMoveIt\MovedFiles\06242008_002740\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06242008_002740\windows\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06242008_002740\windows\system32\routing.exe C:\_OTMoveIt\MovedFiles\06242008_003238.log C:\_OTMoveIt\MovedFiles\06242008_003238.res C:\_OTMoveIt\MovedFiles\06242008_003238\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06242008_003323.log C:\_OTMoveIt\MovedFiles\06242008_003323.res C:\_OTMoveIt\MovedFiles\06242008_003323\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06242008_003327.log C:\_OTMoveIt\MovedFiles\06242008_003327.res C:\_OTMoveIt\MovedFiles\06242008_003337.log C:\_OTMoveIt\MovedFiles\06242008_003337.res C:\_OTMoveIt\MovedFiles\06242008_003352.log C:\_OTMoveIt\MovedFiles\06242008_003352.res C:\_OTMoveIt\MovedFiles\06242008_003403.log C:\_OTMoveIt\MovedFiles\06242008_003403.res C:\_OTMoveIt\MovedFiles\06242008_003403\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06242008_003405.log C:\_OTMoveIt\MovedFiles\06242008_003405.res C:\_OTMoveIt\MovedFiles\06242008_003412.log C:\_OTMoveIt\MovedFiles\06242008_003412.res C:\_OTMoveIt\MovedFiles\06252008_002329.log C:\_OTMoveIt\MovedFiles\06252008_002329.res C:\_OTMoveIt\MovedFiles\06252008_002329\windows\system32\Indt2.sys C:\_OTMoveIt\MovedFiles\06252008_002329\windows\system32\perfs.exe C:\_OTMoveIt\MovedFiles\06252008_004105.log C:\_OTMoveIt\MovedFiles\06252008_004105.res C:\_OTMoveIt\MovedFiles\06252008_004105\windows\system32\xfst.sys C:\Documents and Settings\Tyler Froelich\Desktop\[4]-Submit_2008-07-05@14.25.zip C:\WINDOWS\system32\asck.exe C:\WINDOWS\system32\atpsck.exe C:\WINDOWS\system32\nftscpd.sys C:\WINDOWS\system32\ntscpd.sys C:\WINDOWS\system32\nxtscpd.sys C:\WINDOWS\system32\perfs.exe 
C:\WINDOWS\system32\swand.sys C:\WINDOWS\system32\sxwand.sys C:\WINDOWS\system32\tmp0_776950618798.bk.old . ((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))) . 2008-07-05 19:51 . 2008-07-05 19:51 <DIR> d-------- C:\Program Files\Synergy 2008-07-05 15:18 . 2008-07-05 15:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-07-05 15:18 . 2008-07-05 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-07-05 12:34 . 2008-07-05 12:34 <DIR> d-------- C:\WINDOWS\ERUNT 2008-07-05 11:47 . 2008-07-05 12:54 <DIR> d-------- C:\SDFix 2008-07-05 11:16 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\gtk-2.0 2008-07-05 11:16 . 2008-07-05 11:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.thumbnails 2008-07-04 00:19 . 2008-07-04 00:19 <DIR> d-------- C:\Program Files\Lavasoft 2008-07-04 00:19 . 2008-07-04 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-04 00:18 . 2008-07-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Program Files\X-Setup Pro 2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\Application Data\X-Setup Pro 2008-07-03 23:16 . 2008-07-03 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro 2008-07-03 23:06 . 2008-07-05 12:03 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.gimp-2.4 2008-07-03 23:05 . 2008-07-03 23:05 <DIR> d-------- C:\Program Files\GIMP-2.0 2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Deckard 2008-07-01 17:23 . 2008-07-01 17:24 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-07-01 07:50 . 2008-07-01 07:50 <DIR> d-------- C:\Program Files\Apple Software Update 2008-06-30 23:15 . 
2008-06-30 23:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Apple Computer 2008-06-29 16:50 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll 2008-06-29 16:50 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll 2008-06-29 16:50 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll 2008-06-29 16:49 . 2008-04-14 05:41 233,472 --------- C:\WINDOWS\system32\azroles.dll 2008-06-29 16:49 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-06-29 16:49 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll 2008-06-29 16:49 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll 2008-06-29 16:49 . 2008-04-14 05:41 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll 2008-06-29 16:45 . 2008-06-29 16:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-06-29 16:40 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-06-29 16:40 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys 2008-06-29 16:38 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003033_.tmp 2008-06-29 15:36 . 2008-06-29 15:36 <DIR> d---s---- C:\Documents and Settings\Tyler Froelich\UserData 2008-06-29 15:14 . 2008-06-29 17:14 <DIR> d-------- C:\Program Files\Panda Security 2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\Sun 2008-06-29 12:39 . 2008-06-29 12:40 <DIR> d-------- C:\Documents and Settings\Tyler Froelich\.SunDownloadManager 2008-06-22 14:43 . 2008-06-25 00:45 <DIR> d-------- C:\Program Files\Security Task Manager 2008-06-22 14:43 . 2008-07-04 04:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-06-19 09:59 . 2008-06-19 09:59 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-18 12:17 . 2008-07-05 10:34 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-18 12:08 . 2008-07-05 10:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-18 12:08 . 
2008-07-03 10:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-18 12:08 . 2008-06-18 12:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old 2008-06-18 12:08 . 2008-07-03 10:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Program Files\AVG 2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-17 18:24 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-06-17 18:24 . 2008-06-17 18:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-06-17 18:01 . 2008-06-17 18:01 1,160 --a------ C:\WINDOWS\mozver.dat 2008-06-17 12:52 . 2008-06-17 12:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-06-17 12:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-06-17 12:49 . 2008-06-17 12:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-06-17 12:48 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-06-17 12:48 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-06-17 12:48 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-06-17 12:48 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-06-17 12:48 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-06-14 02:11 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-14 02:10 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-06 00:26 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\stickies 2008-07-05 18:22 --------- d-----w C:\Documents and Settings\Tyler Froelich\Application Data\uTorrent 2008-07-03 20:28 --------- d-----w C:\Program Files\Trillian 2008-06-29 16:48 --------- d-----w C:\Program Files\Java 2008-06-18 17:20 --------- d-----w C:\Program Files\Folder Lock 2008-06-17 16:52 --------- d-----w C:\Program Files\Nokia 2008-06-17 16:52 --------- d-----w C:\Program Files\Common Files\Nokia 2008-06-17 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 06:44 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-21 06:44 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 09:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 09:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 09:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 09:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll 2008-04-14 09:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 09:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 09:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 09:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 05:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 04:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 04:15 17,664 ----a-w 
C:\WINDOWS\system32\watchdog.sys 2008-04-14 04:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe 2008-04-14 04:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-14 04:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-14 04:01 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 04:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-14 03:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 03:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-14 03:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-14 03:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-14 03:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-14 03:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-14 02:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-14 02:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll 2008-04-14 02:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-14 02:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 02:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 02:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 02:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-14 02:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-14 01:56 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-04-14 01:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-14 01:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 01:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll 2008-02-08 15:27 1,914 ----a-w C:\Documents and Settings\Tyler Froelich\Application Data\SAS7_000.DAT 2007-12-13 23:37 1,491,592 ----a-w C:\Program Files\install_flash_player.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-05_12.21.02.22 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-07-05 16:13:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-06 00:21:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-05 06:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-07-05 16:34:56 6,619,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-07-05 16:34:57 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-07-05 06:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-07-05 16:34:37 6,619,136 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-07-05 16:34:37 303,104 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 14:53 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 14:53 512000] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 22:39 897024] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-17 22:32 94208] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 06:04 208896] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 16:52 339968] "UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-07-14 20:34 36864] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-27 05:05 122939] "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 05:37 20480] "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 05:37 395776] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 03:01 188416] "PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 17:08 86016] "QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 04:30 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-02 14:06 29744] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" 
[2008-07-03 10:21 1232152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52 1368064] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [BU] "S3TRAY2"="S3Tray2.exe" [2001-10-12 03:32 69632 C:\WINDOWS\system32\S3Tray2.exe] "TpShocks"="TpShocks.exe" [2004-03-26 19:16 102400 C:\WINDOWS\system32\TpShocks.exe] "TP4EX"="tp4ex.exe" [2002-09-04 05:05 53248 C:\WINDOWS\system32\TP4EX.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl] "TrackPointSrv"="tp4serv.exe" [2003-11-13 07:12 94208 C:\WINDOWS\system32\tp4serv.exe] C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\ mirrorboard.exe [2007-12-16 02:59:38 215411] Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 01:28:19 700416] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-11-10 12:33:46 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll = [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 
C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WinVNC4"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"= "C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"= "C:\\Program Files\\IBM\\Updater\\ucsmb.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Synergy\\synergys.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-07-06 17:50] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 04:30] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 10:21] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 04:30] R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-02-02 14:54] R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys 
[2004-05-14 13:59] R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 05:37] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 10:21] R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 RServer3;Radmin Server V3;C:\WINDOWS\system32\rserver30\RServer3.exe [] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-02 14:06] S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 04:30] S3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2003-11-13 07:12] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-07-01 11:50:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-07-05 20:43:02 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE "2008-06-20 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-07-06 00:32:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 20:32:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . 
Completion time: 2008-07-05 20:34:35 ComboFix-quarantined-files.txt 2008-07-06 00:33:55 ComboFix2.txt 2008-07-05 18:39:24 ComboFix3.txt 2008-07-05 16:21:46 Pre-Run: 5,850,636,288 bytes free Post-Run: 5,829,222,400 bytes free 342 --- E O F --- 2008-06-20 14:40:30 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:39:10 PM, on 7/5/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program 
Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Documents and Settings\Tyler Froelich\Start Menu\Programs\Startup\mirrorboard.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] 
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: mirrorboard.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

-- End of file - 10833 bytes
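Added example, not part of the thread and not HijackThis code: a small triage pass over the O4 (Run), O20 (AppInit_DLLs) and O23 (Service) lines of a log like the one above. The sample entries are copied from the posted log; the rules that decide what gets flagged are this example's own heuristics (a service whose image is "(file missing)", a service with no company name in its version info, a Run value that names its executable or DLL without a directory, and every AppInit DLL). In the log above that singles out the dead RServer3 service, the three "Unknown owner" services and the bare tp4serv.exe entry, which is exactly the short list a helper would check by hand.

```python
"""Triage of HijackThis-style O4 / O20 / O23 entries (added example).

Sample lines are copied from the log posted in this thread; the scoring
rules below are this example's own heuristics, not HijackThis logic.
"""
import re

# Constructed sample: a handful of entries from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SVC_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')


def bare_image(cmd):
    """True when a Run value names its executable (or, for rundll32, the DLL
    it loads) with no directory at all, so Windows locates it through the
    search order at logon and a same-named file found earlier wins."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return '\\' not in cmd[1:cmd.find('"', 1)]
    head, _, rest = cmd.partition(' ')
    if head.lower() == 'rundll32.exe':
        return '\\' not in rest.split(',', 1)[0]
    return '\\' not in head


def triage(log_text):
    """Return a list of (entry_kind, name, finding) for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            if bare_image(m.group('cmd')):
                findings.append(('O4', m.group('name'),
                                 'bare filename: verify which file actually runs and where it lives'))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group('path')
            if path.endswith('(file missing)'):
                findings.append(('O23', m.group('name'),
                                 'service image missing: dead service or a dropper that cleaned up; remove the service'))
            elif m.group('owner') == 'Unknown owner':
                # HijackThis prints "Unknown owner" when the file carries no
                # company name in its version info; identify the publisher and hash
                findings.append(('O23', m.group('name'),
                                 'no company name in version info for %s: identify publisher, check hash' % path))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in filter(None, (d.strip() for d in m.group('dlls').split(','))):
                findings.append(('O20', dll,
                                 'AppInit_DLLs entry: loaded into every process that loads user32.dll'))
    return findings


if __name__ == '__main__':
    for kind, name, why in triage(SAMPLE_LOG):
        print(kind, name, '->', why)
```

The checks are deliberately cheap string tests over the log, the same thing a helper does with a trained eye; the point is that "(file missing)" and a bare filename are the two properties worth reading for first, because a persistence entry is only as trustworthy as the file it resolves to.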
#17
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,620
OS: 2000 Pro; XP Pro; XP Home
Re: perfs, routing - random sound clips??
Download GMER Rootkit Scanner from here or here.
Unzip it to your Desktop and double-click gmer.exe.
Run the program and select the Rootkit tab, and make sure the 'Show All' button is unticked.
Click the Scan button and let the program do its work. It will produce a log.
Copy the log using the Copy button, open Notepad and paste the log into a new text file (using Ctrl + V), save it somewhere you can find it, and post the log in this thread.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#18
Registered User
Re: perfs, routing - random sound clips??
Unless I deselected one of the scan options, the "Show all" box was grayed out. So I just told it to scan with all of the other boxes checked.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-06 02:01:17
Windows 5.1.2600 Service Pack 3

---- Kernel code sections - GMER 1.0.14 ----

? C:\DOCUME~1\TYLERF~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] kernel32.dll!ExitProcess 7C81CAFA 2 Bytes JMP 050520B4 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] kernel32.dll!ExitProcess + 3 7C81CAFD 2 Bytes [ 83, 88 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0505205E C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 05052089 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07afd20
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07afd20@001a89a3e602 0xBA 0x79 0xD2 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07afd20@001784369b49 0x73 0x62 0x28 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e07afd20@001c352621a3 0xF8 0x83 0x48 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07afd20
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07afd20@001a89a3e602 0xBA 0x79 0xD2 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07afd20@001784369b49 0x73 0x62 0x28 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e07afd20@001c352621a3 0xF8 0x83 0x48 0x41 ...

---- EOF - GMER 1.0.14 ----
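Added example, not part of the thread and not GMER code. The "User code sections" above are inline hooks: GMER reports that the first five bytes of MessageBoxA and MessageBoxW inside GoogleDesktop.exe have been replaced by a near JMP (opcode E9 plus a 32-bit displacement) into GoogleServices.DLL. The script below parses those lines, reconstructs the five patch bytes from the hooked address and the JMP target so they can be compared against a memory dump, and classifies each hook by where the jump lands. The first two sample lines are copied from the posted log; the third line is constructed for this example and does not come from the log, to show the case that is not benign (a jump into an address no loaded module owns, i.e. injected code). The classification rules are this example's own heuristics.

```python
"""Parse GMER 'User code sections' hook lines and rebuild the patch (added example).

The first two SAMPLE lines are copied from the GMER log posted in this thread;
the third is constructed here and is not from the log.  Verdicts are this
example's own heuristics, not GMER's.
"""
import re
from ntpath import dirname

HOOK_RE = re.compile(
    r'^\.text (?P<proc>.*?)\[(?P<pid>\d+)\] (?P<api>\S+) (?P<addr>[0-9A-F]{8}) '
    r'(?P<n>\d+) Bytes JMP (?P<target>[0-9A-F]{8})'
    r'(?: (?P<module>[A-Za-z]:\\.*?))?(?: \((?P<desc>[^)]*)\))?$'
)

SAMPLE = r"""
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0505205E C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2872] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 05052089 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\WINDOWS\explorer.exe[1234] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A10000
"""


def jmp_rel32(hook_addr, target):
    """Bytes of the 5-byte near JMP (E9 rel32) that GMER reports at hook_addr.

    rel32 is relative to the end of the 5-byte instruction, wrapped mod 2**32,
    so a backward jump (target below hook_addr) shows up as a large value."""
    rel = (target - (hook_addr + 5)) & 0xFFFFFFFF
    return bytes([0xE9]) + rel.to_bytes(4, 'little')


def classify(hook):
    """Heuristic verdict for one parsed hook (this example's rules)."""
    if hook['module'] is None:
        return 'unbacked'   # jump lands in memory no module owns: injected code
    if dirname(hook['module']).lower() == dirname(hook['proc']).lower():
        return 'self'       # the process hooks itself with a DLL shipped beside it
    return 'foreign'        # some other product's DLL patched this process


def parse_hooks(text):
    """Return a list of dicts, one per 'n Bytes JMP' line that GMER printed."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h['addr'] = int(h['addr'], 16)
        h['target'] = int(h['target'], 16)
        h['n'] = int(h['n'])
        # only a 5-byte patch is a plain E9 rel32; leave shorter ones alone
        h['patch'] = jmp_rel32(h['addr'], h['target']) if h['n'] == 5 else None
        h['verdict'] = classify(h)
        hooks.append(h)
    return hooks


if __name__ == '__main__':
    for h in parse_hooks(SAMPLE):
        print('%-28s %08X -> %08X  %s  %s' % (
            h['api'], h['addr'], h['target'],
            h['patch'].hex() if h['patch'] else '-', h['verdict']))
```

For the MessageBoxA line this yields the bytes E9 6F 18 C0 86 at 7E4507EA. The 'self' verdict is the reasoning behind "that all looks fine" for the posted log: the hooked process and the DLL the jump lands in live in the same Google Desktop directory, and GMER attributes the DLL to Google. The line to stop on is one where no module follows the JMP target.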
#19
Manager, Security Center, TSF Academy; Analyst, Security Team
Re: perfs, routing - random sound clips??
That all looks fine.
Be sure to delete the other zipped file from your desktop, like this one:
C:\Documents and Settings\Tyler Froelich\Desktop\[4]-Submit_2008-07-05@14.25.zip

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK:
combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

Scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer.

Here are some additional utilities that will further enhance your safety.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.

If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
#20
Registered User
Re: perfs, routing - random sound clips??
Hey, thanks so much. I really appreciate all your hard work in helping me fix all this stuff.

I just have one more question on the topic of antivirus programs/spyware programs... I've read many warnings saying do not have more than one installed. Does this mean I should have AVG AND I can have Spybot Search and Destroy or Ad-Aware? And are any of the programs you just suggested antivirus/spyware? Would I need to uninstall anything? I've got AVG, Norton, Ad-Aware, Spybot etc. and I'd just like to know what I should and should not use in combination. Also for firewalls -- should I get a third-party firewall instead of relying on the Windows firewall?